FTP active and passive modes

Many people may not realise that the FTP mode dramatically affects how it operates and can even raise a series of network security issues. The mode determines whether the data TCP connection is initiated by the FTP server or by the FTP client. FTP supports the following two modes:
1. Active mode, usually regarded as the normal standard mode; it is also the FTP default.
2. Passive mode.
In active mode, the client initiates the control connection to port 21 of the server. Once the client has passed a series of authentication steps (user name and password) and needs to receive data, the data TCP connection is initiated by the server: it uses port 20 as its source and connects to a random client port above 1023.
In passive mode, the client initiates the data connection as well, and the destination port it uses is one randomly chosen and announced by the server.
 
ACTIVE FTP OPERATION
In ACTIVE mode, security is slightly worse and firewall configuration is more complicated, because the firewall must anticipate that the FTP server will actively open a connection towards the client. The operating mechanism in active mode is shown in the figure below:
 
1. The client uses source port 5150 to connect to port 21 on the server and request a connection.
2. After the server receives it, it sends a response message, OK (ACK), and the client and server then exchange control signaling over the control port.
3. When the user requests a directory listing or a download, the client software sends a PORT command containing a random port number greater than 1023, telling the server to send data to that port. Here the client uses port 5151.
4. The server opens port 20 as the source port for data transmission and connects to port 5151 on the client.
5. The client responds and the transfer completes.
 
 
PASSIVE FTP OPERATION
This mode is more secure because all connections are initiated by the client, which reduces the possibility of the connection being hijacked. It is called passive mode because the server appears completely passive. The detailed process is as follows:
1. In passive mode, the client initiates the control connection from source port 5150 to port 21 on the server and sends the PASV (passive) command to request passive mode.
2. The server agrees to enter passive mode, randomly selects a port number greater than 1023, and tells the client which port it chose.
3. After receiving this information, the client uses its own port 5151 to connect to port 3268, the port the server just provided: 5151 is the source and 3268 the destination.
4. The server receives the request, returns the data and sends a response ACK (OK).
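The two walkthroughs above hinge on one message each: the client's PORT command in active mode and the server's 227 reply in passive mode, both carrying the data endpoint as h1,h2,h3,h4,p1,p2 with the port encoded as p1*256+p2. The parser below, an added example that is not part of the original post, decodes both forms, reports who opens the data connection and what a firewall on the receiving side must allow, and checks the above-1023 rule. The 192.0.2.x addresses and the message strings are constructed samples.

```python
import re
from typing import Dict, Tuple

# Active:  client sends   "PORT h1,h2,h3,h4,p1,p2"
# Passive: server replies "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def _decode_octets(groups) -> Tuple[str, int]:
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("each comma-separated field must be 0-255")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # FTP encodes the port as two bytes
    return host, port

def data_connection(line: str) -> Dict[str, object]:
    """Parse a PORT command or a 227 reply and describe the data connection
    it sets up: who opens it, to which host/port, and what a stateful
    firewall in front of the receiving side must allow."""
    m = PORT_RE.match(line)
    if m:
        host, port = _decode_octets(m.groups())
        return {"mode": "active", "initiator": "server", "src_port": 20,
                "dst_host": host, "dst_port": port,
                "firewall_rule": "allow inbound to client %s:%d from server port 20"
                                 % (host, port)}
    m = PASV_RE.match(line)
    if m:
        host, port = _decode_octets(m.groups())
        return {"mode": "passive", "initiator": "client", "src_port": None,
                "dst_host": host, "dst_port": port,
                "firewall_rule": "allow inbound to server %s:%d from any client port"
                                 % (host, port)}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def data_port_ok(info: Dict[str, object]) -> bool:
    """The rule from the text: the announced data port must be above 1023."""
    return 1023 < int(info["dst_port"]) < 65536

if __name__ == "__main__":
    # Constructed sample messages reusing the walkthrough's port numbers (client
    # data port 5151, server data port 3268); 192.0.2.x are documentation addresses.
    for msg in ("PORT 192,0,2,10,20,31",
                "227 Entering Passive Mode (192,0,2,20,12,196)."):
        info = data_connection(msg)
        print(msg, "->", info["mode"], info["firewall_rule"], data_port_ok(info))
```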
written by cracker

Origin blog.csdn.net/geggegeda/article/details/4077066