Study on unsafe factors of ftp service programs

Source: Internet
Author: User

FTP (File Transfer Protocol) is an old protocol that has been in use since the early days of Unix. FTP not only lets multiple users download at the same time, it also lets users upload files, and as it has developed, users can even execute commands remotely over FTP. Because FTP generally requires an account and password, and different accounts can be given different permissions, it remains quite popular despite its age. Below, however, I will discuss the security problems an FTP service program can have.

An FTP session generally involves two connections: one is the control connection, over which the client and server exchange commands, and the other is the data connection. FTP service programs generally support two different modes for setting up the data connection: Port mode and Pasv mode. Let me first describe the two connection modes.


Assume that the client is C and the server is S.

Port mode:

After client C connects to server S and chooses Port mode, client C sends a PORT command telling server S: "I have opened local port N, connect to it for the data connection." When server S receives the PORT command, it connects to port N on the client, and the data connection is established.

Pasv mode:

After client C connects to server S and chooses Pasv mode, server S sends a message to client C saying: "I have opened local port M, connect to me now." After receiving this message, client C connects to port M on server S, and once that connection succeeds the data connection is established.

From the above explanation, the main difference between the two modes is how the data connection is established: in Port mode, client C opens a port locally and server S connects out to it, whereas in Pasv mode server S opens a port locally and waits for client C to connect to it.

Both modes look fine at first glance, but each hides a security issue.

Port mode is mostly used when the server sits behind a firewall, so Pasv mode cannot be used to open a port on the server for the client to connect to. However, because the data connection is initiated outward by the server itself, it carries an inherent security problem: if that connection is hijacked, the firewall will not inspect it, precisely because it is an outbound connection made by the server.

Pasv mode appears much safer than Port mode, but on closer thought it has a problem of its own. The server opens a port and waits for the client to connect, but if the server does not check whether the IP address that connects to that port is the client's IP address, a security problem arises. An FTP server opens many data ports, and the port assigned to each client is random, but they all fall within a certain range, for example ports 20000-21000. If the FTP server does not check whether a connection arriving at a data port comes from a valid user, then another user who has not even logged in has the opportunity to hijack the connection. Here is an example:

Server S receives commands from client C (IP = 12.12.12) and Pasv mode is in use, so server S opens port 20000 and waits for the data connection. A hacker (IP = 11.11.11.11) scans ports 20000 to 20100 on server S, finds port 20000 open, and immediately connects to it. If server S does not check whether 11.11.11.11 is a valid user's IP address, the real client C's data connection is hijacked: if the command client C sent to server S was to download a file, that file is sent only to the hacker. In this way hackers can scan at random and hijack whichever connections they find, or keep connecting to those ports continuously, so that many legitimate users' connections are hijacked; what a hacker does after hijacking depends on his abilities and intentions.

Solution:

For Port mode there is no good solution, because the problem lies in FTP itself. The alternative is to allow Pasv mode and disallow Port mode.

In Pasv mode, the server only needs to check, when it receives a data connection, whether the connecting IP address belongs to a valid user's session; this prevents the connection from being hijacked.
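The check recommended above, worked through as an added example (this code is mine, not from the article or any FTP server it mentions): a small model of a passive-mode server that remembers which control-connection peer each data port was opened for, replays the article's scenario with and without the peer check, and then applies the same comparison to a real listening socket on loopback. The addresses 12.12.12.12 and 11.11.11.11 and the 20000-21000 range are constructed from the article's example; the class and function names are assumptions of mine.

```python
"""Model of the passive-mode data-connection check the article recommends.

Scenario values (client 12.12.12.12, attacker 11.11.11.11, ports 20000-21000)
follow the article; the class and function names are my own.
"""
import socket
import threading
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class PassiveSession:
    control_ip: str      # peer IP of the control connection that asked for PASV
    data_port: int       # port the server opened for this session
    connected: bool = False


class PassiveDataGuard:
    """Tracks which control peer each passive data port was opened for."""

    def __init__(self, low: int = 20000, high: int = 21000) -> None:
        self.low, self.high = low, high
        self.sessions: Dict[int, PassiveSession] = {}
        self.events: List[str] = []  # audit trail a defender can alert on

    def open_passive_port(self, control_ip: str) -> int:
        """Reserve the first free port in the range for this control peer."""
        for port in range(self.low, self.high + 1):
            if port not in self.sessions:
                self.sessions[port] = PassiveSession(control_ip, port)
                return port
        raise RuntimeError("no free passive ports")

    def on_data_connect(self, port: int, peer_ip: str, check_peer: bool = True) -> bool:
        """Decide whether an inbound data connection may take over the session.

        check_peer=False reproduces the unchecked server from the article, where
        whoever connects first to the open port gets the data connection.
        """
        session = self.sessions.get(port)
        if session is None or session.connected:
            self.events.append(f"REJECT port={port} peer={peer_ip} reason=no pending session")
            return False
        if check_peer and peer_ip != session.control_ip:
            self.events.append(
                f"REJECT port={port} peer={peer_ip} expected={session.control_ip} reason=peer mismatch")
            return False
        session.connected = True
        self.events.append(f"ACCEPT port={port} peer={peer_ip}")
        return True


def replay_article_scenario(check_peer: bool) -> Dict[str, bool]:
    """Client C asks for PASV, the attacker races to the port, then C connects."""
    guard = PassiveDataGuard()
    port = guard.open_passive_port("12.12.12.12")       # constructed client address
    attacker_got_it = guard.on_data_connect(port, "11.11.11.11", check_peer)
    client_got_it = guard.on_data_connect(port, "12.12.12.12", check_peer)
    return {"attacker": attacker_got_it, "client": client_got_it}


def accept_checked(listener: socket.socket, control_ip: str) -> Optional[socket.socket]:
    """The same check on a real listening socket: compare the accepted peer's IP."""
    conn, (peer_ip, _port) = listener.accept()
    if peer_ip != control_ip:
        conn.close()          # drop the stranger; the legitimate client can still connect
        return None
    return conn


def loopback_demo(expected_control_ip: str) -> bool:
    """Open a passive port on 127.0.0.1, connect to it once, report whether it was accepted."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def client() -> None:
        with socket.create_connection(("127.0.0.1", port)):
            pass

    t = threading.Thread(target=client)
    t.start()
    conn = accept_checked(listener, expected_control_ip)
    t.join()
    listener.close()
    if conn is not None:
        conn.close()
    return conn is not None


if __name__ == "__main__":
    print("checked  :", replay_article_scenario(check_peer=True))
    print("unchecked:", replay_article_scenario(check_peer=False))
    print("loopback accepted for 127.0.0.1:", loopback_demo("127.0.0.1"))
    print("loopback accepted for 12.12.12.12:", loopback_demo("12.12.12.12"))
```

With the check on, the attacker's connection to port 20000 is rejected and the client's is accepted; with it off, the attacker takes the session and the client is turned away because the port is already in use. The rejection events are worth logging, since a burst of peer mismatches across the passive range is exactly what the scan in the article looks like from the server side.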

Hijacking connections as described above is something only relatively advanced "hackers" have the opportunity to achieve, because different FTP service programs behave differently, and in general one must first understand how the FTP service program is implemented and only then write a program for it. Next I describe a problem whereby users can intrude into the system through FTP because the FTP service program pays no attention to security.

This problem is actually very common. It is generally caused by the lack of restrictions on the directories users can move to after logging on to FTP.

Many commonly used FTP programs (the most basic FTP service only provides upload and download and does not require a user name or password), such as anonymous ftp (aftp), place no restriction on the directories users can move to. That is to say, users can view files in any directory of the system at will, download files from any directory, or upload files to any directory. How serious that problem is, I do not need to explain.

Some FTP programs require user names and passwords but impose no restrictions on the directories users can access; xftpd from xfocus is a good example, and as mentioned above, users can download any system file or upload any file to any directory.

Some FTP programs do check which directories are restricted and which are accessible, but logged-in users can still use certain special characters to reach the restricted directories. A good example is the old slimftpd. This situation is generally referred to as a "directory traversal vulnerability". Many old versions of shareware FTP service programs have had these problems.
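The directory restriction the three cases above are missing, as an added example of my own (not code from the article, aftp, xftpd or slimftpd): a function that maps a client-supplied path onto the server's FTP root and refuses anything that resolves outside it, including `..` segments, absolute paths, a planted symlink and a NUL byte. The temporary directory layout and the function names are assumptions for the demonstration.

```python
"""Confine client-supplied FTP paths to the server's root directory.

Added example (not from the article or any FTP server named in it); the
function names and the temporary directory layout are my own.
"""
import os
import tempfile
from typing import Dict, Optional


def confine_to_root(ftp_root: str, requested: str) -> Optional[str]:
    """Return the real filesystem path for `requested`, or None if it escapes ftp_root.

    Every client path is interpreted relative to the FTP root, so a leading '/'
    means "the FTP root", not the host filesystem root. realpath() collapses
    '..' segments and follows symlinks before the containment test.
    """
    if "\x00" in requested:          # NUL would truncate the path in C-level calls
        return None
    root = os.path.realpath(ftp_root)
    relative = requested.replace("\\", "/").lstrip("/")
    candidate = os.path.realpath(os.path.join(root, relative))
    try:
        inside = os.path.commonpath([root, candidate]) == root
    except ValueError:               # e.g. different drives on Windows
        inside = False
    return candidate if inside else None


def build_demo_root() -> str:
    """Create a throwaway FTP root: pub/readme.txt plus a symlink pointing outside."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "ftproot")
    os.makedirs(os.path.join(root, "pub"))
    with open(os.path.join(root, "pub", "readme.txt"), "w") as fh:
        fh.write("public file\n")
    with open(os.path.join(base, "secret.txt"), "w") as fh:
        fh.write("outside the FTP root\n")
    os.symlink(base, os.path.join(root, "escape"))  # a symlink an uploader might plant
    return root


def run_demo() -> Dict[str, bool]:
    """Map a set of constructed client paths to whether the server should serve them."""
    root = build_demo_root()
    requests = [
        "pub/readme.txt",         # ordinary download
        "/pub/readme.txt",        # absolute, but relative to the FTP root
        "pub/../pub/readme.txt",  # '..' that stays inside
        "../secret.txt",          # classic traversal
        "pub/../../secret.txt",   # traversal after descending first
        "escape/secret.txt",      # traversal through a symlink
        "pub/read\x00me.txt",     # NUL injection
    ]
    return {req: confine_to_root(root, req) is not None for req in requests}


if __name__ == "__main__":
    for req, allowed in run_demo().items():
        print(f"{req!r:28} -> {'serve' if allowed else 'reject'}")
```

The first three requests are served and the rest rejected. Because the check resolves symlinks at request time, a symlink created between the check and the open can still race it; a server that must defend against uploaders who can create links should additionally chroot into the FTP root or open files with flags that refuse to follow links.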

If you want to set up an FTP server, I would advise you to select a relatively stable and secure FTP program (of course you can also consider writing one yourself), and then check for the security issues mentioned above before actually putting it into use. If you write it yourself, you can first release some free (not fully functional) versions for users to test, and put it into service after the testing is complete.
