
FTP protocol analysis for incident response

FTP is a protocol that was designed with a focus on simplicity and functionality rather than security. For this reason, it is advisable to use one of the many alternatives to FTP for file transfer (SFTP, SCP, FTPS and so on). A couple of different protocols exist for securing FTP. FTPS is the use of FTP traffic wrapped in Transport Layer Security (TLS). SFTP is a protocol related to secure shell (SSH) that is also designed to provide encrypted file transfer.

The FTP protocol in Wireshark

FTP is a plaintext protocol that operates over ports 20 and 21. It can be identified in Wireshark using the ftp filter.

The image above shows a sample of FTP traffic collected by following a TCP stream in Wireshark. As shown, FTP is a request-response protocol. Each request is a command, potentially followed by a set of arguments. Responses include a response code followed by the data requested by the command.

An FTP packet simply contains the text data that is shown from the earlier session. This makes it very easy to read in a network capture.

Data exfiltration

FTP is designed to transfer files between a single server and (potentially) multiple different clients. A common use is to create file servers where official copies of files shared across an organization can be stored in a central and easily accessible location. As a result, it can be abused by an attacker in a variety of different ways if they can gain access to it.

Since FTP is designed to move files on and off of servers, an attacker could take a copy of any data already stored on an FTP server. If an attacker can gain access to an account that is authorized to use an FTP server (and assuming that the server is configured to require authentication), it can create a significant risk for data exfiltration.

Since FTP operates as a plaintext protocol by default, this also makes it easy for an eavesdropper with access to an organization’s network traffic to extract sensitive data. While the packets above show examples of anonymous authentication to an FTP server (which should be disabled for security reasons), FTP traffic could also leak a user’s actual network login credentials.
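The request-response structure and the credential and file-transfer exposure described above can be pulled straight out of a followed TCP stream. The following parser is an added example written for this page, not code from the original article; the FTP stream it works on is constructed, and the findings it flags (anonymous login, plaintext password, PASV data-channel endpoint, RETR/STOR of a file) are the ones an incident responder typically wants from a capture.

```python
import re

# Constructed sample of an FTP control-channel stream, as Wireshark's
# "Follow TCP Stream" would show it (not a real capture).
SAMPLE_STREAM = """220 Welcome
USER anonymous
331 Please specify the password.
PASS guest@example.com
230 Login successful.
PASV
227 Entering Passive Mode (10,0,0,5,195,80).
RETR payroll-2023.xlsx
150 Opening BINARY mode data connection for payroll-2023.xlsx.
226 Transfer complete.
"""

RESPONSE_RE = re.compile(r"^(\d{3})[ -](.*)$")
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_ftp_stream(stream: str) -> dict:
    """Split a plaintext FTP control stream into commands and responses,
    and record the events an incident responder would want flagged."""
    s = {"commands": [], "responses": [], "findings": []}
    user = None
    for line in stream.splitlines():
        m = RESPONSE_RE.match(line)
        if m:  # server side: three-digit code followed by text
            code, text = int(m.group(1)), m.group(2)
            s["responses"].append((code, text))
            if code == 230:
                s["findings"].append(f"login succeeded as {user!r}")
            elif code == 227 and (p := PASV_RE.search(text)):
                # PASV reply encodes the data-channel endpoint as h1,h2,h3,h4,p1,p2
                ip = ".".join(p.group(1, 2, 3, 4))
                port = int(p.group(5)) * 256 + int(p.group(6))
                s["findings"].append(f"data channel to {ip}:{port}")
            continue
        verb, _, arg = line.partition(" ")  # client side: COMMAND [argument]
        verb = verb.upper()
        s["commands"].append((verb, arg))
        if verb == "USER":
            user = arg
            if arg.lower() in ("anonymous", "ftp"):
                s["findings"].append("anonymous login attempted")
        elif verb == "PASS":
            s["findings"].append("password sent in plaintext")
        elif verb in ("RETR", "STOR"):
            s["findings"].append(f"file transfer: {verb} {arg}")
    return s
```

Feeding a real stream exported from Wireshark (Follow TCP Stream, saved as ASCII) into `parse_ftp_stream` gives a timeline of who logged in, whether the password crossed the wire in the clear, and which files moved over which data-channel endpoint.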
