8.1 FTP

Previous page
Table of content
Next page

File Transfer Protocol (FTP) services are usually found running on servers to provide public access to files over IP. The FTP service uses the following two ports to function in its native mode:


TCP port 21

The inbound control port, used to receive and process FTP commands


TCP port 20

The outbound data port, used to send data from the server to client

Historically, the way that FTP services have been used to compromise networks include:

  • Brute-force guessing of user passwords to gain direct access

  • FTP bounce port-scanning and exploit payload delivery

  • Issuing crafted FTP commands to circumvent stateful filtering devices

  • Process manipulation, including overflow attacks involving malformed data

I will discuss each of these attack types; however, the first task to undertake when identifying an accessible FTP service is that of enumeration, to ascertain the FTP service that's running and its configuration.


Previous page
Table of content
Next page
Network Security Assessment
Network Security Assessment: Know Your Network
ISBN: 059600611X
EAN: 2147483647
Year: 2006
Pages: 166
Authors: Chris McNab
BUY ON AMAZON
Absolute Beginner[ap]s Guide to Project Management
Certified Ethical Hacker Exam Prep
Documenting Software Architectures: Views and Beyond
HTI+ Home Technology Integrator & CEDIA Installer I All-In-One Exam Guide
Quantitative Methods in Project Management
DNS & BIND Cookbook
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy