
File Transfer Protocol (FTP)

In document Network Security JumpStart pdf (Page 189-191)

The File Transfer Protocol (FTP) is the venerable granddaddy of file sharing solutions. FTP is a simple client/server protocol that allows servers to publish a directory in their file systems to the network. FTP users can then use an FTP client program to authenticate, list files, download files, and upload files. Because FTP is simple and widely supported, it’s a very popular mechanism for transferring files across the Internet.

File Transfer Protocol (FTP)

A simple protocol that allows the complete transfer of files between servers and clients. Unlike file-sharing protocols, file transfer protocols move whole files and make no provision for several users working on the same file at once. File Transfer Protocol is also the name of the oldest and most widely implemented file transfer protocol.

FTP is what it says it is: a file transfer protocol. It is not a true file-sharing protocol, because it is not really capable of simulating a local file system. FTP lacks the file-locking and partial read/write semantics of a file-sharing protocol, and only allows for the uploading and downloading of complete files.

Companies often use anonymous FTP to publish software to the public. Anonymous FTP is the same thing as normal FTP, but a special account called “anonymous” is provided that will accept any text as a valid password. Typically, public FTP servers will ask you to enter your e-mail address as the password so they can record it in a log, but there’s no way to validate the address. Some companies attempt to secure their FTP sites by requiring customers to call first for a valid account/password combination, and then always provide the same account/password. This doesn’t work, because hackers keep track of these shared credentials in databases. Once a single hacker customer has obtained the working account and password, they all know it.

Using FTP

Configuring an FTP server is simple. If your Unix distribution has an FTP server installed by default (WU-FTPD, for example), you need only edit the /etc/ftphosts file, which lists which hosts may log in to your server and under which accounts. Permissions for uploading and downloading files are determined by the FTP directory’s file system permissions, as explained in Chapter 11: a directory the ftp account has no write permission on cannot be uploaded to, whatever the daemon’s own configuration says. You can configure a welcome message that will be displayed to FTP users by creating a file containing the welcome text and storing it in the FTP root directory as .message, for example, /home/ftp/.message.
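A concrete way to check and enforce that permissions point, as an added example rather than anything from the book: the script below builds a throwaway sample FTP root (a constructed tree with a read-only pub directory and a world-writable incoming drop box), lists every directory the anonymous ftp account could upload into, and then makes the whole tree read-only for everyone but its owner. The directory names are illustrative, and the check assumes, as is normal, that anonymous sessions run under an unprivileged ftp account rather than as the directory owner.

```shell
#!/bin/sh
# Added example (not from the book): audit an FTP root the way the text
# describes, by reading file-system permissions, then tighten it.
# Directory names below are assumptions for illustration.

# world_writable_dirs ROOT: print every directory under ROOT that any
# local account, including the anonymous "ftp" user, can create files in.
world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# count_writable ROOT: number of such directories (0 is the goal).
count_writable() {
    world_writable_dirs "$1" | wc -l | tr -d ' '
}

# harden_ftp_root ROOT: make the published tree read-only for everyone but
# its owner; anonymous clients can still list and download.
harden_ftp_root() {
    find "$1" -type d -exec chmod 0755 {} +
    find "$1" -type f -exec chmod 0644 {} +
}

# make_sample_root: CONSTRUCTED sample tree in a temp dir. pub/ is
# read-only, but a helpfully named incoming/ drop box has been left
# world-writable, which is exactly the mistake the text warns about.
make_sample_root() {
    root=$(mktemp -d)
    mkdir -p "$root/pub" "$root/incoming"
    printf 'Welcome to the archive.\n' > "$root/pub/README.txt"
    chmod 0755 "$root/pub"
    chmod 0777 "$root/incoming"
    printf '%s\n' "$root"
}

# Demo when run directly:
#   root=$(make_sample_root)
#   world_writable_dirs "$root"     # lists .../incoming
#   harden_ftp_root "$root"
#   world_writable_dirs "$root"     # lists nothing
```

Run world_writable_dirs against the real FTP root (for instance /home/ftp) after any change to the tree. The check looks only at the "other" write bit; if the ftp account belongs to a group that owns part of the tree, repeat it with -perm -0020 as well.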

FTP clients are even simpler: Type ftp hostname.domainname at any command prompt (Windows or Unix) and you’ll get a logon prompt from the FTP server. Use the ls command to list files, get file to download a file, and put file to upload a file to the FTP server.

FTP Security

FTP has three major security problems:

All public services are a security liability. Any service that answers connections on the Internet may contain bugs that let hackers exploit it, and FTP is no exception. In the specific case of FTP, hackers discovered a major security flaw in WU-FTPD (the Washington University FTP daemon, the most widely deployed Unix FTP server) in April of 2001 that allowed them to gain remote control of any server running it. It took six months for a patch to be made generally available.

Passwords are transmitted in the clear. The FTP control channel is plain text, so the account name and password (and, on the data channel, the files themselves) can be read by anyone able to intercept the traffic in transit on the Internet.

Anonymous writable FTP servers can be exploited. Hackers will exploit FTP servers that allow file uploads from the public. Besides the simple problem of stealing your disk space to store (probably) illegal content such as pirated software and copyrighted material, allowing write access to an anonymous FTP server lets hackers test a number of different file system exploits against your machine. For example, overlong or specially crafted filenames and file contents can trigger buffer overruns in the FTP daemon or in other programs that later process the uploaded files, which can give the hacker root access to your server.
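To see what "in the clear" means in practice, here is an added example (not from the book) that works over a constructed transcript of an FTP control channel, the same lines a sniffer such as tcpdump -A on TCP port 21 would show an attacker sitting on the path. The host name, account names and passwords in the transcript are made up; the point is that the server's own 230/530 replies tell the eavesdropper which of the sniffed pairs actually work.

```shell
#!/bin/sh
# Added example (not from the book): what an eavesdropper sees on the FTP
# control channel. The transcript is CONSTRUCTED; "C:" marks client to
# server, "S:" marks server to client. Names and passwords are invented.
FTP_CAPTURE='S: 220 ftp.example.com FTP server ready.
C: USER alice
S: 331 Password required for alice.
C: PASS s3cr3t-pa55
S: 230 User alice logged in.
C: USER mallory
S: 331 Password required for mallory.
C: PASS guess1
S: 530 Login incorrect.
C: USER anonymous
S: 331 Guest login ok, send your e-mail address as password.
C: PASS bob@example.net
S: 230 Guest login ok, access restrictions apply.
C: STOR tool.tgz
S: 226 Transfer complete.'

# exposed_logins: read a transcript on stdin and print
# "user=<name> pass=<password> result=ok|fail" for every USER/PASS pair,
# using the reply that follows PASS (230 = accepted) to grade it.
exposed_logins() {
    awk '
        $1 == "C:" && $2 == "USER" { user = $3; next }
        $1 == "C:" && $2 == "PASS" {
            pass = $0; sub(/^C: PASS /, "", pass); pending = 1; next
        }
        pending && $1 == "S:" {
            result = ($2 == "230") ? "ok" : "fail"
            print "user=" user " pass=" pass " result=" result
            pending = 0
        }
    '
}

# working_creds: only the pairs the server accepted, minus the anonymous
# account, whose "password" is just an unverified e-mail address.
working_creds() {
    exposed_logins | grep ' result=ok$' | grep -v '^user=anonymous '
}

# count_working: number of real, reusable credentials the transcript leaks.
count_working() {
    printf '%s\n' "$FTP_CAPTURE" | working_creds | wc -l | tr -d ' '
}

# Demo when run directly:
#   printf '%s\n' "$FTP_CAPTURE" | exposed_logins
```

Nothing in the protocol distinguishes this from a legitimate session: the only defense is to keep the credentials off the wire, which is why the book's advice below is to move to a transport that can be wrapped in SSL.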

FTP has too many security problems to detail completely, and the specific exploits vary from distribution to distribution. No matter what version you have, allowing anonymous write access spells immediate trouble. As a test for this book, I opened anonymous write access to an FTP server inside a virtual machine. Fourteen minutes later, an automated port scanner found the new machine (on an unlisted IP address), ran a test write against it, and automatically began uploading content to it, including a number of files with different buffer overrun exploits embedded in the filenames. It was extremely difficult to remove some of those files, because their strange names prevented the normal file system tools from working. Don’t use FTP on public or private servers if you can avoid it: HTTP provides an easily controlled and more robust file transfer mechanism for anonymous files and can be easily secured using SSL. Use anonymous FTP for read-only shares if you can’t avoid using FTP.
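The cleanup problem described above is a general one: names that begin with a dash, contain newlines, or run to hundreds of characters defeat casual rm and ls usage. The following is an added example, not the book's own procedure, that constructs a directory of such names in a temporary location and removes them safely in three ways: always giving rm a directory prefix and the -- terminator, removing by inode number for names that cannot be typed at all, and letting find hand each name to rm as a separate argument. The names themselves are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): cleaning a directory that an uploader
# has filled with hostile names. All names below are CONSTRUCTED to defeat
# a naive "rm *": one begins with "-" (parsed as an option), one contains
# a newline, one is 200 characters long.

# make_hostile_dir: build the sample directory, print its path.
make_hostile_dir() {
    d=$(mktemp -d)
    : > "$d/-rf"
    : > "$d/$(printf 'evil\nname')"
    : > "$d/$(printf '%200s' '' | tr ' ' A)"
    : > "$d/legit.txt"
    printf '%s\n' "$d"
}

# count_entries DIR: count entries with the shell's own globbing, which
# never splits on whitespace or newlines inside a name.
count_entries() {
    n=0
    for f in "$1"/* "$1"/.[!.]* "$1"/..?*; do
        [ -e "$f" ] || continue
        n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# remove_one DIR NAME: the directory prefix means the argument can never
# start with "-", and "--" tells rm that no options follow.
remove_one() {
    rm -- "$1/$2"
}

# inode_of PATH: inode number, the one handle that does not depend on
# being able to type the name.
inode_of() {
    ls -di -- "$1" | awk '{print $1}'
}

# remove_by_inode DIR INUM: delete the entry of DIR with that inode.
remove_by_inode() {
    find "$1" -mindepth 1 -maxdepth 1 -inum "$2" -exec rm -rf -- {} +
}

# clean_dir DIR: remove everything directly under DIR. find passes each
# name to rm as its own argument, so no name is ever re-parsed by a shell.
clean_dir() {
    find "$1" -mindepth 1 -maxdepth 1 -exec rm -rf -- {} +
}

# Demo when run directly:
#   d=$(make_hostile_dir); ls -i -- "$d"; clean_dir "$d"; rmdir "$d"
```

The same discipline applies to any script that walks an upload directory: never build a command line by pasting names into a string, and never let a name reach a shell without a path prefix in front of it.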

Don’t use anonymous FTP access to a writeable share if you can’t avoid using anonymous FTP. If you think you have to use writable FTP access for some reason, you’ll change your mind after a few minutes.
