File Transfer Protocol (FTP) is a standard protocol for transferring files between a client and a server over a network such as the Internet. The FTP protocol was written by Abhay Bhushan (IIT Kanpur) in 1971. In 1980, a TCP/IP version of the protocol was introduced as RFC 765, which became the de facto standard worldwide. In 1998, the protocol stack was updated to support IPv6. Security features were later added to this protocol through a TLS/SSL layer, giving FTP Secure (FTPS). A separate secure protocol, the SSH File Transfer Protocol (SFTP), is also widely used; SFTP is a very different protocol from FTPS.
Fig. 1: Representational Image of the FTP Protocol
The FTP protocol is based on the client-server model: the device at one end requests files while the device at the other end serves them. The client and server use separate control and data connections. FTP clients authenticate to the server with a sign-in exchange defined by the protocol, usually in the form of a username and password. An FTP client can also log in as an anonymous user if the server allows it. Earlier FTP client applications tended to be command-line programs, although clients with a graphical interface are now commonly available.
FTP connection
An FTP client can communicate with an FTP server in one of two modes – active or passive. In an active connection, the client listens on a port M and, over the control connection, sends a PORT command to tell the server which port it is listening on. The server then opens the data channel to the client's port M from its own port 20, the data port of the FTP server, and the data transfer begins.
In a passive connection, the FTP client sends a PASV command to the FTP server over the control connection. The server responds with its IP address and a port number. The client then opens the data connection from an arbitrary local port to the received IP address and port. Passive mode was introduced to allow communication with clients that are behind a firewall and therefore cannot accept an incoming TCP connection.
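Both modes exchange the data-connection endpoint as the comma-separated "h1,h2,h3,h4,p1,p2" form defined in RFC 959, with the port split into two bytes (p1*256 + p2). The following is an added example, not code from the original tutorial: it builds a PORT command for active mode and parses a 227 reply for passive mode. The check that the PASV host equals the server the client is already talking to is an assumption added here; it stops a server from steering the data connection to a third party.

```python
import ipaddress
import re

# Matches the (h1,h2,h3,h4,p1,p2) group inside a "227 Entering Passive Mode" reply.
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def build_port_command(host: str, port: int) -> str:
    """Active mode: the client listens on (host, port) and tells the server
    where to connect. The port is sent as a high byte and a low byte."""
    if not 0 < port < 65536:
        raise ValueError("port out of range: %d" % port)
    octets = ipaddress.IPv4Address(host).packed  # four bytes of the IPv4 address
    return "PORT %d,%d,%d,%d,%d,%d" % (*octets, port >> 8, port & 0xFF)


def parse_pasv_reply(reply: str, expected_host: str) -> tuple:
    """Passive mode: decode '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'.

    expected_host is the address of the control connection's peer. Rejecting
    a different host is a hardening choice assumed here (not from the page):
    a client that blindly follows the reply can be sent to an unrelated machine.
    """
    if not reply.startswith("227"):
        raise ValueError("not a PASV success reply: %r" % reply)
    match = PASV_RE.search(reply)
    if match is None:
        raise ValueError("malformed PASV reply: %r" % reply)
    nums = [int(x) for x in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value out of byte range in PASV reply: %r" % reply)
    host = "%d.%d.%d.%d" % tuple(nums[:4])
    port = nums[4] * 256 + nums[5]
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    if host != expected_host:
        raise ValueError("PASV host %s differs from server %s" % (host, expected_host))
    return host, port


if __name__ == "__main__":
    # Constructed sample values, not captured from a real server.
    print(build_port_command("192.168.1.10", 49152))
    print(parse_pasv_reply("227 Entering Passive Mode (192,168,1,20,195,80).", "192.168.1.20"))
```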
In passive mode, the FTP server responds to the client with three-digit codes on the control connection. Each response consists of a number and optional text: the three-digit number is the response code, and the optional text is a human-readable explanation of it. The first digit of the response code indicates the type of response and can range from 1 to 6, with the following meanings –
Fig. 2 and Fig. 3: Tables listing the meanings of the first digit in the FTP server response code
The second digit in the response code specifies the type of data transfer as follows –
Fig. 4 and Fig. 5: Tables listing the meanings of the second digit in the FTP server response code
Some of the common response codes are as follows –
Fig. 6 and Fig. 7: Tables listing common FTP server response codes
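To make the response-code structure concrete, here is an added example (not code from the original tutorial) that groups raw control-connection lines into complete replies, including the RFC 959 multi-line form that starts with "NNN-" and ends with "NNN ", and classifies each reply by its first and second digit. The digit meanings are taken from RFC 959 (6 for protected replies from RFC 2228); the transcript is constructed.

```python
# First digit: type of response (RFC 959, plus 6 from RFC 2228).
FIRST_DIGIT = {
    "1": "positive preliminary",
    "2": "positive completion",
    "3": "positive intermediate",
    "4": "transient negative completion",
    "5": "permanent negative completion",
    "6": "protected reply",
}
# Second digit: category of the reply.
SECOND_DIGIT = {
    "0": "syntax", "1": "information", "2": "connections",
    "3": "authentication and accounting", "4": "unspecified", "5": "file system",
}


def read_replies(lines):
    """Group control-connection lines into complete replies.

    A reply is either a single 'NNN text' line, or a block that opens with
    'NNN-text' and closes at the next line beginning 'NNN ' with the same code.
    """
    replies, buf, open_code = [], [], None
    for line in lines:
        if open_code is None:
            code, sep = line[:3], line[3:4]
            if not code.isdigit() or sep not in ("", " ", "-"):
                raise ValueError("malformed reply line: %r" % line)
            if sep == "-":
                open_code, buf = code, [line]   # start of a multi-line reply
            else:
                replies.append(line)
        else:
            buf.append(line)
            if line.startswith(open_code + " "):  # closing line of the block
                replies.append("\n".join(buf))
                open_code, buf = None, []
    if open_code is not None:
        raise ValueError("unterminated multi-line reply %s" % open_code)
    return replies


def classify(reply):
    """Return (code, first-digit meaning, second-digit meaning) for one reply."""
    code = reply[:3]
    return code, FIRST_DIGIT.get(code[0], "unknown"), SECOND_DIGIT.get(code[1], "unknown")


# Constructed sample transcript, not captured from a real server.
SAMPLE = [
    "220-Welcome to the sample server",
    " Anonymous access is disabled",
    "220 Service ready for new user.",
    "331 User name okay, need password.",
    "530 Login incorrect.",
    "227 Entering Passive Mode (192,168,1,20,195,80).",
]
```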
Once the client and server are connected, they can transfer the following four data representations –
1) ASCII Mode – It is used for text transfer. Data is converted to “8-bit ASCII” before or after transfer if necessary, so it is not suitable for data other than plain text.
2) IMAGE Mode – Also called binary mode, it is used to transfer binary data such as images. The data is sent byte by byte, and the receiver stores the stream of bytes as it receives it.
3) EBCDIC Mode – It is used for plain text between hosts using the EBCDIC character set.
4) Local Mode – It allows two machines with identical configurations to transfer data in a proprietary format without converting it to ASCII.
Data transfer can happen in any of the following three modes –
1) Stream Mode – In this mode, data is sent as a continuous stream without any processing by FTP itself; all processing is left to the TCP layer.
2) Block Mode – In this mode, FTP divides the data into blocks and passes these blocks to the TCP layer.
3) Compressed Mode – In this mode, data is first compressed using a compression algorithm before being passed to the TCP layer.
FTP Login –
The FTP client first needs to log in to the FTP server before transferring data. The client can authenticate with a username and password if the server allows it. The authentication commands are sent on port 21: the username is sent with the USER command and the password with the PASS command. Both are sent in plain text and are therefore susceptible to sniffing attacks (network traffic capture).
Anonymous FTP access –
An FTP server sometimes allows connections without a username and password. The client connects using an anonymous account: when asked for a username, the user types “anonymous”, and the server asks for an email address instead of a password (no verification of this value is performed). This is commonly seen on update servers that only distribute updates.
FTP Features –
1) Web Browser Support – FTP supports logins and data browsing from a web browser. Most common browsers can retrieve files hosted on an FTP server, and many web applications rely on FTP links in the browser to provide downloads and updates. A user can log into the FTP server from a web browser and browse the data there. The URL syntax for logging in from the browser is – ftp://[user[:password]@]host[:port]/url-path
2) Security – Traditional FTP provides no security. Login credentials and commands sent to the server travel in plain text without any encryption, so anyone sniffing the network can read them. The common attacks that FTP is vulnerable to are as follows –
• Brute force attack
• FTP bounce attack
• Packet capture
• Port stealing (guessing the next open port and usurping a legitimate connection)
• Forgery attack
• Username enumeration
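Several of the attacks listed above leave visible traces on the control channel, which is where a defender can look for them. The following is an added example, not code from the original tutorial: it runs simple detection rules over a constructed control-channel log, flagging cleartext passwords, anonymous logins, repeated login failures (a brute-force indicator) and PORT commands that point at a host other than the client itself (an FTP bounce indicator). The log format, the threshold and the rule names are assumptions made here.

```python
from collections import defaultdict

# Assumed log format: (client_ip, direction, text); '>' = client command, '<' = server reply.
BRUTE_FORCE_THRESHOLD = 3  # 530 replies from one client before alerting (assumed value)

# Constructed sample log; passwords are placeholder strings, not real credentials.
SAMPLE_LOG = [
    ("10.0.0.5", ">", "USER anonymous"),
    ("10.0.0.5", ">", "PASS guest@example.com"),
    ("10.0.0.5", "<", "230 Login successful."),
    ("10.0.0.7", ">", "USER admin"),
    ("10.0.0.7", ">", "PASS attempt1"),
    ("10.0.0.7", "<", "530 Login incorrect."),
    ("10.0.0.7", ">", "PASS attempt2"),
    ("10.0.0.7", "<", "530 Login incorrect."),
    ("10.0.0.7", ">", "PASS attempt3"),
    ("10.0.0.7", "<", "530 Login incorrect."),
    ("10.0.0.9", ">", "PORT 203,0,113,44,0,25"),  # data port on a third host
]


def port_target(args):
    """Decode the h1,h2,h3,h4,p1,p2 argument of PORT into (host, port)."""
    n = [int(x) for x in args.split(",")]
    if len(n) != 6 or any(not 0 <= v <= 255 for v in n):
        raise ValueError("malformed PORT argument: %r" % args)
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]


def analyze(log):
    """Return a list of (client_ip, finding) pairs for the suspicious events in log."""
    findings, failures = [], defaultdict(int)
    tls, cleartext_seen = set(), set()
    for ip, direction, text in log:
        verb, _, args = text.partition(" ")
        verb = verb.upper()
        if direction == ">" and verb == "AUTH" and args.upper() == "TLS":
            tls.add(ip)  # control channel about to be encrypted (FTPS)
        elif direction == ">" and verb == "PASS" and ip not in tls and ip not in cleartext_seen:
            cleartext_seen.add(ip)
            findings.append((ip, "cleartext password on control channel"))
        elif direction == ">" and verb == "USER" and args.lower() in ("anonymous", "ftp"):
            findings.append((ip, "anonymous login attempt"))
        elif direction == ">" and verb == "PORT":
            host, port = port_target(args)
            if host != ip:  # client asked the server to connect elsewhere
                findings.append((ip, "PORT targets third-party host %s:%d (bounce indicator)" % (host, port)))
        elif direction == "<" and text.startswith("530"):
            failures[ip] += 1
            if failures[ip] == BRUTE_FORCE_THRESHOLD:
                findings.append((ip, "repeated login failures (possible brute force)"))
    return findings
```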
The solutions to these security flaws are as follows –
1. Use the secure version of FTP, FTPS, instead of traditional FTP, just as TELNETS is used instead of TELNET.
2. Use a more secure protocol for data transfer that can handle encryption, such as the SSH file transfer protocol.
3. Use a secure connection to the server, such as using a VPN, instead of connecting directly to the server.
There are some variants of FTP that provide secure data communication, such as FTPS, SFTP, TFTP and the SSH file transfer protocol, which can also be used.
In the next tutorial, the FTP protocol will be implemented in an IoT application: a Raspberry Pi will be configured as an FTP client and made to download files from an FTP server.