Many of the protocols in the TCP/IP suite have security problems of one kind or another. This article looks at the security issues of FTP, the File Transfer Protocol, and explains the principles behind them.
1. FTP Port Mode
FTP's active (PORT) mode causes many problems for network administrators. First, the PORT command carries the client's IP address and data-port number as six decimal fields (h1,h2,h3,h4,p1,p2), an encoding that is far from straightforward. More fundamentally, an application-layer protocol command should not carry network-layer address information (an IP address) at all: doing so breaks the layering principle, forces firewalls and NAT devices to inspect and rewrite application data, and creates coordination and security problems.
2. plaintext transmission of user names and passwords
Another notorious issue with FTP is that it sends usernames and passwords in cleartext; nothing on the control connection is encrypted. Anyone who places a protocol analyzer at a suitable point on the network path can read them. FTP data is also transmitted in cleartext, so an attacker who monitors FTP connections can capture the transferred data, reconstruct the files and even replay the session. Worse, many users reuse the same username and password across applications: an FTP password collected this way may also open the user's online accounts or other confidential data.
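To make both points above concrete, here is an added example (not code from the original article) that works through a captured FTP control session the way a sniffer would. It decodes the PORT argument into an address and port, extracts the cleartext USER/PASS pair, and flags two things a practitioner would check: a PORT address that differs from the address the control connection actually came from (the address-in-a-command problem from section 1, which RFC 2577 recommends servers reject), and a PORT to a privileged port below 1024. The session transcript and the client address are constructed for the example.

```python
"""Added example: analyse a constructed FTP control-channel capture.

Shows (1) how the PORT command embeds an IP address and port in an
application-layer message, and (2) that USER/PASS travel in cleartext.
The transcript and addresses below are constructed, not real captures.
"""
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: "C:" lines are client->server, "S:" server->client.
# The client is assumed to have connected from CLIENT_IP.
CLIENT_IP = "10.0.0.25"
SAMPLE_SESSION = """\
S: 220 moon FTP server ready
C: USER alice
S: 331 Password required for alice
C: PASS s3cret-pass
S: 230 User alice logged in
C: PORT 10,0,0,25,4,1
S: 200 PORT command successful
C: LIST
S: 150 Opening ASCII mode data connection
S: 226 Transfer complete
C: PORT 192,168,1,7,0,21
S: 200 PORT command successful
C: QUIT
"""


def parse_port_argument(arg: str) -> tuple[str, int]:
    """Decode the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into (ip, port).

    The first four fields are the dotted-quad bytes of the address; the
    port is p1 * 256 + p2. Raises ValueError on a malformed argument.
    """
    parts = arg.strip().split(",")
    if len(parts) != 6:
        raise ValueError("PORT needs exactly six comma-separated numbers")
    nums = [int(p) for p in parts]          # int() rejects non-digits
    if any(n < 0 or n > 255 for n in nums):
        raise ValueError("each PORT field must be in 0..255")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    return ip, port


def is_valid_port_argument(arg: str) -> bool:
    """True if the argument decodes cleanly, False otherwise."""
    try:
        parse_port_argument(arg)
        return True
    except ValueError:
        return False


@dataclass
class SessionFindings:
    user: Optional[str] = None
    password: Optional[str] = None
    data_endpoints: list = field(default_factory=list)    # every PORT seen
    mismatched_ports: list = field(default_factory=list)  # ip != client ip
    low_ports: list = field(default_factory=list)         # port < 1024


def analyze_session(transcript: str, client_ip: str) -> SessionFindings:
    """Walk the client side of a control session and collect findings."""
    findings = SessionFindings()
    for raw in transcript.splitlines():
        if not raw.startswith("C: "):
            continue
        verb, _, arg = raw[3:].strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            findings.user = arg                 # cleartext on the wire
        elif verb == "PASS":
            findings.password = arg             # cleartext on the wire
        elif verb == "PORT":
            ip, port = parse_port_argument(arg)
            findings.data_endpoints.append((ip, port))
            if ip != client_ip:
                # The command names a host other than the one that sent it:
                # the server should refuse to open a data connection there.
                findings.mismatched_ports.append((ip, port))
            if port < 1024:
                findings.low_ports.append((ip, port))
    return findings


if __name__ == "__main__":
    result = analyze_session(SAMPLE_SESSION, CLIENT_IP)
    print("credentials seen in cleartext:", result.user, result.password)
    print("PORT endpoints:", result.data_endpoints)
    print("PORT address != client address:", result.mismatched_ports)
    print("PORT to privileged port:", result.low_ports)
```

The second PORT command in the sample asks the server to connect to 192.168.1.7 port 21, a different host and a privileged port; a server that honours it blindly becomes a connection proxy for the client, which is why checking the advertised address against the control connection's peer is a standard hardening step.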
3. Work on the TCP layer
FTP runs over TCP. To give FTP a reliable transport, TCP establishes a connection-oriented byte stream and splits the user data into segments. When it sends a segment it starts a timer for retransmission on timeout; it acknowledges data received from the peer (the acknowledgement can be carried on an outgoing data segment); it reorders segments that arrive out of sequence and discards duplicates; it provides end-to-end flow control (the sliding-window mechanism that makes bulk transfer efficient); and it computes and verifies an end-to-end checksum.
4. Work on the IP layer
The IP layer chooses the route, consulting in order a host route, a network route and the default route. Once the route is determined, ICMP is used to report errors and other conditions that need attention.
5. Work on the data link layer
Look up the MAC address of the next hop (the destination host, or the router if the destination is on another network) in the ARP cache. If it is not there, learn it with an ARP request/response exchange.
6. Physical Layer work
Transmit the raw bit stream over the communication channel.
The following is a specific example to illustrate this process.
Suppose three Ethernet segments (SUN, MOON, WATER) are connected to a router (ROUTE). The first two IP addresses are both 10.0.
Assume that host E is the FTP server and host A accesses E as the FTP client.