Research on unsafe factors in FTP service programs

FTP (File tranfer Protocol) is a very old protocol to come, since the beginning of Unix has been used, FTP because not only can provide multiple users at the same time download the function, but also allow users to upload files, in the continuous development, can also use FTP remote execution command , because FTP generally need account and password, and for different accounts can provide different permissions, due to so many functions, so still is quite popular. However, I will say the following about the security aspects of the FTP service program that are likely to occur.

FTP connections are generally two connected, one is the client and server transfer commands, and the other is data transfer connections. The FTP service typically supports two different modes, one is port and one is passive (PASV mode), so let me first say the difference between the two modes of connection.

Let's assume that the client is C and that the service end is S.

Port mode:

When client C is connected to server s, using port mode, client C sends a command to tell the server S (client C opens a port locally and waits for you to enter the data connection), and when the server s receives this port command, it connects to the port N that the client opens. This data connection is generated.

PASV mode:

When client C is connected to the server s, the server s sends a message to client C, this information is (service side s opened a port in the local m, you now go to connect me), when the client C received this information, you can connect to the server s of the M port, after the successful connection, the data connection is also established.

From the explanation above, we should be able to see that the main difference between the two models is the difference between the data connection, for Port mode, the client C in the local open a port, such as server s to connect to establish a data connection, and the PASV mode is the server s open a port waiting for client C to establish a data connection.

Both modes seem to have no problems, but they are all hidden in security.

For port mode, this pattern is mostly used because the server has a firewall, it is not possible to use PASV to open ports on the server to allow clients to connect, but because the connection itself is externally connected by the server itself, there is a security issue in itself, because if the connection is hijack , because the connection is connected by the server itself, the firewall will not have any action to handle the connection.

For PASV mode, it seems to be a lot safer than port mode. But if you think about it, you'll find it's a problem. Because the server will open a port and other clients to connect, but if this open port does not detect the connection of IP is the IP of that client, then security problems arise. Because there are many FTP server Open data ports and other client connections are random, but will be within a certain range, such as 20000-21000 of these ports. If the FTP server does not check the connection of the data port to detect whether the IP is already a legitimate user, then other users who have not logged in will have a chance to write the program hijack this connection. Here is an example to illustrate:

The server-side S command connection to receive client C (ip=12.12.12.12) uses the PASV mode, and the server S opens port 20000 to wait for the data connection, at which point a hacker (ip=11.11.11.11) scans the server's 20000 to 20100 port , found that the 20000 port is open, and immediately connected to the server S 20000 this port. In this case, if the server s does not detect 11.11.11.11 this IP is not a legitimate user of the IP, then the real client C data connection is hijack, if the client C sent to the server S command is to download a file, Then that file will only be sent to the hacker. In this case, the hacker can be randomly scanned and hijack to a different connection, or can be connected to those ports non-stop, then the legitimate user will be a lot of connections are hijack, hijack after what the hacker will do, it depends on the hacker's ability and want to do what.

Solve:

For port mode, because that is the problem of FTP itself, so there is no good way to solve. Or, if you can, just allow PASV mode and not port mode.

For PASV mode, it is possible to avoid the problem of connection being hijack as long as the IP is not a legitimate user's request when the data connection is received.

The above hijack connections are more advanced "hackers" have the opportunity to achieve, because for different FTP service program is not the same, and generally need to study the FTP service before the program can be realized. The following is said that the general user can because the writing FTP service program for security is not attention to the problem of intrusion through FTP to the system.

In fact, this problem is usually very common, is generally for users to log into the FTP can jump to the directory permissions limit issues.

A lot of used FTP programs (the most basic FTP service, only provide upload, download, even user name and password do not need that kind of, such as AnonyMouse FTP (AFTP) category, does not limit the landing user can jump to the directory, that is, login users can be free to view the system of different directories of files , downloading files from different directories or uploading files to any directory, downloading any files or uploading any files to any directory, and I don't need to say any more.

Some FTP programs, although provided with the username and password, but there is no limit to the user's access to the directory, Xfocus's production, XFTPD is a good example, the user login, the same can be said above, users can download the system any files or upload any files to any directory.

Some FTP, that is, to restrict access to the directory is not comprehensive detection, resulting in the login user can use some special characters can access to restricted access to the directory. A good example is the old version of the SLIMFTPD. This situation is commonly referred to as "Directory traveling Vulnerability", and many older versions of shared FTP services have had these problems.

If you want to build an FTP server, the advice I can give you is to choose a more stable and secure FTP program (consider yourself), and then test yourself for the security issues mentioned above before you actually put it to use, if you write it yourself, you can release some free versions (not fully functional) To the user to test, the test is no problem and then put into formal use.

The above are all in and friends to develop FTP service program when the FTP protocol to see or in the test of some small experience, errors and omissions of the place is inevitable, if you see what the wrong place can be noted.