File Transfer Protocol (FTP) is a standard protocol for transferring files between a client and a server over an internet network. The FTP protocol was written by Abhay Bhushan (IIT Kanpur) in 1971. In 1980, a TCP/IP version of the protocol was introduced as RFC 765, which became the de facto standard worldwide. In 1998, the protocol stack was updated for IPv6 support. Within this protocol, security features were enabled by a TLS/SSL layer, called FTP Secure (FTPS). A newer secured alternative, SSH File Transfer Protocol (SFTP), is also widely used. SFTP is quite a different protocol from the traditional FTPS.

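Fig. 1: Representational Image of FTP Protocol
The FTP protocol is based on a client-server model, so a device at one end requests files while a device at the other end responds to the request. There are separate control and data connections between the client and the server. The FTP client needs to authenticate itself to the server through a sign-in defined in the protocol. The login is usually in the form of a username and password. If the server allows it, an FTP client can also log in as an anonymous user. Earlier FTP client applications used to be command-line programs, though client utilities with a graphical UI are now commonly available.
FTP Connection –
An FTP client can communicate with the FTP server in either of two modes, active or passive. In an active connection, the client listens on a port (port M) and, having made a connection to the server, sends the (PORT M) FTP command to tell the server which port it is listening on. The server then initiates a data channel to the client on that port (port M) using port number 20, where port 20 is the FTP server data port, and the data transfer starts.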
In a passive connection, the FTP client sends a PASV command to the FTP server over the control connection. The server responds to the command by sending its IP address and a port number. The client can then open a data connection from an arbitrary port number to the received IP address and server port number. Passive mode was introduced to allow communication with clients that sit behind a firewall and so cannot accept a TCP connection.
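The address and port exchanged in both modes use the same six-number encoding on the wire (h1,h2,h3,h4,p1,p2 with port = p1*256 + p2, per RFC 959). The following added example, which is not code from the original article, decodes a PASV reply, encodes a PORT argument, and applies a common client-side hardening: the data connection goes to the control-connection peer rather than to whatever address the reply advertises. The function names and sample replies are constructed for illustration.

```python
import ipaddress
import re

# Six comma-separated decimal fields: four address bytes, two port bytes.
_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply_text):
    """Decode h1,h2,h3,h4,p1,p2 from a 227 reply into (ip, port)."""
    m = _TUPLE.search(reply_text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in reply")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field larger than one byte")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def port_argument(ip, port):
    """Encode the client's listening address for the active-mode PORT command."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    octets = ipaddress.IPv4Address(ip).packed
    return ",".join(str(b) for b in octets) + f",{port >> 8},{port & 0xFF}"


def data_endpoint(control_peer_ip, reply_text):
    """Pick where to open the passive data connection.

    Hardening: the port comes from the reply, but the host is always the
    server the control connection already talks to. A mismatching advertised
    address (NAT misconfiguration or a hostile server) is reported, not used.
    Returns (ip, port, advertised_address_mismatch).
    """
    advertised_ip, port = parse_pasv(reply_text)
    return control_peer_ip, port, advertised_ip != control_peer_ip


# Constructed replies; 192.0.2.0/24 is a documentation range (RFC 5737).
GOOD = "227 Entering Passive Mode (192,0,2,10,195,80)"
NATTED = "227 Entering Passive Mode (10,0,0,5,195,81)"
```

The mismatch flag is worth logging: a server that advertises a private address from behind NAT is the usual reason passive transfers hang.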
In passive mode, the FTP server responds to the client in the form of three-digit codes over the control connection. The response includes a number and an optional text. The number (a three-digit number) represents the response code, while the optional text is a human-readable explanation of the response code. The first digit in the response code indicates the kind of response and ranges from 1 to 6. The first digit in the response code has the following significations –

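Fig. 2: Table Listing Significations of First Digit in Response Code of FTP Server

Fig. 3: Table Listing Significations of First Digit in Response Code of FTP Server
The second digit in the response code specifies the type of data transfer as follows –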

Fig. 4: Table Listing Significations of Second Digit in Response Code of FTP Server

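Fig. 5: Table Listing Significations of Second Digit in Response Code of FTP Server
Some of the common response codes are as follows –


Fig. 6: Common Response Codes of FTP Server
Fig. 7: Table Listing Common Response Codes of FTP Server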
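To make the reply format described above concrete, here is an added example (not from the original article) that splits control-connection text into replies, including multi-line ones, and classifies each code by its first and second digit. The category names are taken from RFC 959 and RFC 2228; the function names and the sample session are constructed for illustration.

```python
import re

# Reply classes by first digit (RFC 959; 6yz "protected reply" from RFC 2228).
FIRST_DIGIT = {
    "1": "positive preliminary", "2": "positive completion",
    "3": "positive intermediate", "4": "transient negative completion",
    "5": "permanent negative completion", "6": "protected reply",
}
# Function groupings by second digit (RFC 959).
SECOND_DIGIT = {
    "0": "syntax", "1": "information",
    "2": "connections", "3": "authentication and accounting",
    "4": "unspecified", "5": "file system",
}


def parse_replies(raw):
    """Split control-connection text into a list of (code, text) replies."""
    replies, pending, buf = [], None, []
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line:
            continue
        if pending is None:
            m = re.match(r"^(\d{3})([ -])(.*)$", line)
            if m is None:
                raise ValueError(f"not an FTP reply line: {line!r}")
            code, sep, text = m.groups()
            if sep == " ":
                replies.append((code, text))      # ordinary one-line reply
            else:
                pending, buf = code, [text]       # "ddd-" opens a multi-line reply
        elif line.startswith(pending + " "):
            buf.append(line[4:])                  # "ddd " with the same code closes it
            replies.append((pending, "\n".join(buf)))
            pending, buf = None, []
        else:
            buf.append(line)                      # continuation line, kept verbatim
    if pending is not None:
        raise ValueError("truncated multi-line reply")
    return replies


def classify(code):
    """Return (first-digit class, second-digit grouping) for a reply code."""
    return FIRST_DIGIT.get(code[0], "unknown"), SECOND_DIGIT.get(code[1], "unknown")


# Constructed sample session (not captured from a real server).
SAMPLE = ("220-Welcome\r\n 230 is banner text, not a reply\r\n220 Service ready\r\n"
          "331 User name okay, need password\r\n530 Not logged in\r\n")
```

Handling the multi-line form matters for log analysis: a banner line that happens to contain digits must not be counted as a separate reply.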
Once the client and server are connected, they can transfer the following four data representations –
1) ASCII Mode – It is used for text transfer. Where necessary, the data is converted to "8-bit ASCII" before or after the transfer, but it is not suitable for data other than plain text.
2) IMAGE Mode – Also called binary mode, it is used for transferring images. The data is sent in binary form, byte by byte; the receiver stores the byte stream as it receives it.
3) EBCDIC Mode – It is used for plain text between hosts using the EBCDIC character set.
4) Local Mode – It allows two machines that have an identical setup to transfer data without converting it into ASCII (in a proprietary format).
The data transfer can happen in either of the following three modes –
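1) Stream Mode – In this mode, data is sent as a continuous stream without any processing at the FTP layer. Instead, the processing of data is done at the TCP layer.
2) Block Mode – In this mode, FTP breaks the data into blocks and passes these blocks to the TCP layer.
3) Compressed Mode – In this mode, the data is first compressed using a compression algorithm before being passed to the TCP layer.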
FTP Login –
An FTP client first has to log in to the FTP server in order to transfer data. The client can authenticate using a username and password if the server allows it. The authentication commands are sent on port 21. The username is sent using the USER command and the password is sent using the PASS command. This sequence is in plain text and is vulnerable to sniffing attacks (network traffic capture).
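Because the USER/PASS exchange is readable on the wire, a defender can audit a capture of port 21 traffic to find which accounts still log in over plain FTP. The following is an added example, not part of the original article; the capture format, function name and sample lines are constructed for illustration. The password is never stored, and rejected attempts are counted per user as a simple brute-force indicator.

```python
from collections import Counter

# Constructed control-channel capture: (direction, line); "C" is the client, "S" the server.
SAMPLE_CAPTURE = [
    ("S", "220 Service ready"),
    ("C", "USER alice"),
    ("S", "331 User name okay, need password"),
    ("C", "PASS wrong-guess"),
    ("S", "530 Not logged in"),
    ("C", "USER alice"),
    ("S", "331 User name okay, need password"),
    ("C", "PASS example-password"),
    ("S", "230 User logged in"),
    ("C", "USER anonymous"),
    ("S", "331 Guest login ok, send your e-mail address as password"),
    ("C", "PASS guest@example.org"),
    ("S", "230 Guest login ok"),
]


def audit_logins(capture):
    """Report every USER/PASS exchange that was readable in the capture.

    Anything parsed here crossed the network unencrypted. The password is
    never kept; only its length is recorded.
    Returns (findings, rejected_attempts_per_user).
    """
    findings, failed, user = [], Counter(), None
    for direction, line in capture:
        verb, _, arg = line.strip().partition(" ")
        if direction == "C" and verb.upper() == "USER":
            user = arg
        elif direction == "C" and verb.upper() == "PASS" and user is not None:
            findings.append({"user": user, "anonymous": user.lower() == "anonymous",
                             "password_len": len(arg), "outcome": "pending"})
        elif direction == "S" and findings and findings[-1]["outcome"] == "pending":
            code = line[:3]  # the first reply after PASS decides the outcome
            if code.startswith("2"):
                findings[-1]["outcome"] = "accepted"
            elif code[:1] in ("4", "5"):
                findings[-1]["outcome"] = "rejected"
                failed[findings[-1]["user"]] += 1
    return findings, failed
```

Every non-anonymous entry in the findings is an account whose password should be treated as exposed and rotated once the service moves to an encrypted transport.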
Anonymous FTP access –
An FTP server is sometimes configured to allow login without a username and password. A client can log in to the server using an anonymous account: when asked for a username, the user can type “anonymous”, and the server then asks for an email address instead of a password (no verification of the data is performed). This can be seen in an update server which only provides updates.
FTP Features –
1) Web Browser Support – FTP supports web browser logins and data surfing. Most common and new web browsers can retrieve files hosted on an FTP server. Using FTP in the web browser, most advanced web applications use ftp to provide downloads and updates. A user can log in to an FTP server with a web browser and browse the data there. The syntax for logging in from a browser looks as follows – [ftp://[user[:password]@]host[:port]/url-path]
2) Security – The traditional version of FTP provides no security. The login credentials and commands transferred to the server are in plain text without any encryption. Thus, any network sniffer can read the data. The common attacks to which FTP is vulnerable are as follows –
• Brute force attack
• FTP bounce attack
• Packet capture
• Port stealing (guessing the next open port and usurping a legitimate connection)
• Spoofing attack
• Username enumeration
The solutions to these security weaknesses are as follows –
1. Use FTPS, the secure version of FTP, instead of traditional FTP, just as Telnets is used in place of Telnet.
2. Use a more secure protocol for data transfer that can handle encryption, like SSH File Transfer Protocol.
3. Use a secure connection to the server, such as a VPN, instead of connecting to the server directly.
There are some variants of FTP that provide secured data communication, like FTPS, SFTP, TFTP, SSH File Transfer Protocol, which can also be used.
In the next tutorial, the FTP protocol will be implemented in an IoT application. A Raspberry Pi will be configured as an FTP client and will be made to download files from an FTP server.