10 Lecture Ftp
 

    10 Lecture Ftp Presentation Transcript

    • FTP – File Transfer Protocol
      • CIS 68C2 UNIX Network Administration
      • Updated: 11/27/02. Copyright 2002 - Mike Cappella
    • FTP
      • FTP – File Transfer Protocol
        • Allows uploading and downloading of files
        • One of the oldest TCP/IP services
          • And still widely in use
        • Client/Server
        • Advantages over HTTP file transfer
          • Allows inspection of the file tree, including file sizes and timestamps
          • No HTML code required
        • Caution!
          • Improperly configured FTP servers are security risks
    • FTP
      • Two Primary File Transfer Modes
        • ASCII (plain text)
          • End-of-line translation occurs between platforms
          • Data is considered to be only 7 bits (high-order bit is lost)
        • Binary image
          • Data is transferred raw (not interpreted)
        • Other modes (EBCDIC, local) are rarely used
        • Mode must be set before transfer begins
        • Many clients have an auto-select mode
          • File suffix/name guides selection of transfer mode
        • Common mistake: transferring a binary file in ASCII mode
          • The download is corrupted
    • FTP
      • FTP Communication
        • Uses 2 TCP ports: 20 (data) and 21 (command)
          • Data port defined by RFC to be the command port - 1
        • Client
          • Initiates command connection to server's TCP port 21
          • Selects random high-numbered port to use for data connection
          • Sends PORT command
            • Includes client's IP address and high-numbered port
          • Listens for data connection on high-numbered port
        • Server
          • Initiates data connection to client
          • Uses IP and port number given by client's PORT command
    • FTP
      • FTP – Single Connection
        • [Diagram: the FTP client (user interface, protocol interpreter, data transfer process, file system) and the FTP server (protocol interpreter, data transfer process, file system). The command connection runs between the protocol interpreters, TCP/random on the client and TCP/21 on the server, and carries commands and replies. The data connection runs between the data transfer processes, TCP/random on the client and TCP/20 on the server.]
    • FTP
      • FTP Communication
        • PASV command
          • Requests server to return an IP / port number
          • Client establishes the data connection, not the server
          • Server listens on that port number for client's connection
        • Allows FTP to…
          • work through firewalls and NAT
          • act as a proxy
          • support site mirroring
        • Typically used instead of PORT command
          • But both can be used to override both connection ends
        • PASV mode is considerably more secure
    • FTP
      • FTP – Proxy Connection
        • [Diagram: an FTP client (user interface, protocol interpreter) issuing proxy get / proxy put holds two command connections, the primary controller command connection and the secondary controller command connection, each from TCP/random on the client to TCP/21 on FTP Server A and FTP Server B. The data connection runs directly between the two servers' data transfer processes, from TCP/random to the TCP port identified by server B.]
    • FTP
      • FTP – Proxy Connection
        • Secondary server must support PASV command
          • It cannot initiate the data connection to FTP Server A
        • GET transfers from primary to secondary
        • PUT transfers from secondary to primary
        • Security Alert!
          • Proxy exposes the difficult-to-trace Bounce Attack
            • Using proxy FTP to connect to a WKS (well-known service) port (mail, news, etc.) and sending instructions
            • Eases brute-force password guessing
          • 3rd-party transfers are disabled by default on most modern servers
    • wu-ftpd
      • A leading, feature-rich FTP server implementation
        • Used by Red Hat and many other UNIX distributions
        • Makes distinction between 3 different types of users
          • Real Users
          • Guests
          • Anonymous Users
      • Additional Features beyond RFC 959
        • Advanced logging (commands, transfers)
        • On-the-fly compression and archiving
        • User classifications (type and location)
        • Per-class limits
        • Per-directory upload permissions
        • Restricted guest accounts
        • System-wide and per-directory messages
        • Directory alias
        • cdpath
        • Filename filtering
        • Virtual hosts
    • wu-ftpd
      • wu-ftpd User Types
        • Real Users
          • Log in to ftp with real username and password
          • Can access entire disk structure
          • Security risk! - Use with extreme caution!
        • Guests
          • Log in to ftp with real username and password
          • Chroot'ed to user's home directory – cannot escape
        • Anonymous Users
          • User: anonymous or ftp; Password: your-email-address
          • Chroot'ed to common, public ftp directory
    • wu-ftpd
      • Configuration Files
        • /etc/ftpaccess
          • Main configuration file for most settings
        • /etc/ftpconversions
          • Configuration file for on-the-fly conversions
          • Generally deprecated
        • /etc/ftphosts
          • List of hosts allowed/denied ftp access
        • /etc/ftpusers
          • List of users allowed/denied ftp access
    • Additional Information
      • wu-ftpd documentation
        • /usr/share/doc/wu-ftpd-*
      • Many wu-ftpd related documents
        • http://www.wu-ftpd.org/
        • http://www.wu-ftpd.org/rfc/
        • http://www.landfield.com/wu-ftpd/
      • CERT FTP Articles
        • Anonymous FTP Abuses & Configuration Guidelines
          • http://www.cert.org/tech_tips/anonymous_ftp_abuses.html
          • http://www.cert.org/tech_tips/anonymous_ftp_config.html
        • Bounce Attacks
          • http://www.cert.org/tech_tips/ftp_port_attacks.html
      • RFCs
        • 959 – FTP Protocol
        • 2577 – FTP Security Considerations
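
Added example (not part of the lecture slides) for the "Two Primary File Transfer Modes" slide: a small model of an ASCII-mode transfer, following the slide's description (end-of-line translation plus loss of the high-order bit), and a digest check that catches the resulting corruption. The function names are hypothetical and the sample inputs are constructed; the binary sample is the 8-byte PNG signature, which was designed to expose exactly these two alterations.

```python
import hashlib

# Constructed samples: a Unix text file and the 8-byte PNG file signature.
TEXT = b"alpha\nbeta\n"
PNG_SIG = b"\x89PNG\r\n\x1a\n"


def ascii_mode_transfer(data, sender_eol=b"\n", receiver_eol=b"\n"):
    """Model an ASCII-mode transfer as the slide describes it.

    Assumption: the data is treated as 7-bit, the sender rewrites its local
    end-of-line as CRLF on the wire, and the receiver rewrites CRLF as its
    own end-of-line.
    """
    seven_bit = bytes(b & 0x7F for b in data)       # high-order bit is lost
    wire = seven_bit.replace(sender_eol, b"\r\n")   # sender EOL -> CRLF
    return wire.replace(b"\r\n", receiver_eol)      # CRLF -> receiver EOL


def binary_mode_transfer(data):
    """Binary (image) mode: bytes are passed through uninterpreted."""
    return data


def transfer_intact(original, received):
    """Compare SHA-256 digests of the source file and the received copy."""
    return hashlib.sha256(original).digest() == hashlib.sha256(received).digest()


if __name__ == "__main__":
    for name, blob in (("text", TEXT), ("png signature", PNG_SIG)):
        unix = ascii_mode_transfer(blob)
        windows = ascii_mode_transfer(blob, receiver_eol=b"\r\n")
        print(name, "ascii unix->unix intact:", transfer_intact(blob, unix))
        print(name, "ascii unix->windows    :", windows)
        print(name, "binary intact          :",
              transfer_intact(blob, binary_mode_transfer(blob)))
```

Publishing a digest next to each file lets the receiver run the same comparison after the download, whichever mode the client auto-selected.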
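
Added example (not part of the lecture slides, and not wu-ftpd code) tying the PORT slide to the Bounce Attack slide: the server-side check described in RFC 2577, which refuses a PORT command whose address is not the control connection's peer or whose port is below 1024. Function names and sample lines are constructed for illustration; 504 is the reply RFC 2577 suggests for a low port, and reusing it for an address mismatch is an assumption.

```python
import ipaddress

# Constructed sample: PORT lines received on one control connection
# whose peer address is 192.0.2.10 (documentation address range).
SAMPLE_PEER = "192.0.2.10"
SAMPLE_LINES = [
    "PORT 192,0,2,10,195,80",    # client's own address, port 50000
    "PORT 198,51,100,25,0,25",   # third-party host, port 25 (bounce pattern)
    "PORT 192,0,2,10,0,25",      # own address, but a well-known port
    "PORT 192,0,2,10,300,1",     # malformed field
]


def parse_port_arg(arg):
    """Decode the h1,h2,h3,h4,p1,p2 argument of PORT into (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdigit() for p in parts):
        raise ValueError("PORT argument must be six decimal fields")
    nums = [int(p) for p in parts]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def check_port_command(line, control_peer_ip):
    """Return (reply_code, reason) a hardened server would give for one line."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        return 500, "not a PORT command"
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return 501, str(exc)
    if ip != ipaddress.IPv4Address(control_peer_ip):
        # Assumption: 504 reused here; RFC 2577 names it for the low-port case.
        return 504, "data address differs from control connection peer"
    if port < 1024:
        return 504, "data port is in the well-known range"
    return 200, "PORT accepted"


def audit(lines, control_peer_ip):
    """Reply codes for a sequence of PORT lines from one control connection."""
    return [check_port_command(line, control_peer_ip)[0] for line in lines]


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(line, "->", check_port_command(line, SAMPLE_PEER))
```

The same two conditions also work as a detection rule over FTP command logs: a PORT argument that names another host or a port below 1024 is worth an alert even when the server refuses it.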