FTP - File Transfer Protocol TFTP – Trivial FTP CISC 856 – Fall 2008 Shriram Ganesh University of Delaware (some/most slides courtesy of Brian Lucas, Umakanth Puppala, William Boyer Vikram Rajan, Michael Haggerty, and Prof Amer)
File Transfer Protocol (RFC 959) Why FTP? FTP’s connections FTP in action FTP commands/responses Trivial File Transfer Protocol (RFC 1350) TFTP and TFTP’s message formats FTP and TFTP compared Overview
Network Use Direct (e.g. telnet) Indirect (e.g. FTP) RFC 114 – April 1971 before TCP and IP existed - Used NCP to do FTP on ARPANET RFC 354 – July Overall Communication Model RFC 542 – August Remarkably similar to today’s FTP - Still based on NCP RFC 765 – June FTP over TCP/IP A Bit of History - FTP
Purpose: To Transfer files between two computers Goals of FTP Service Promote sharing of files (programs and/or data) Encourage indirect/implicit use of remote computers Shield users from variations in file storage among hosts Transfer data reliably and efficiently Why do we need a FTP service?
At first, file transfer may seem simple Heterogeneous systems use different: –Operating Systems –Character Sets –Naming Conventions –Directory Structures –File Structures and Formats FTP needs to address and resolve these problems Problems of file transfer
User Interface User Data Transfer Function User Protocol Interpreter Server Protocol Interpreter Server Data Transfer Function client server Control Connection Data Connection * Insulates users from “raw” FTP commands Server is listening on port 21 for connection requests 2 * Routes “raw” FTP commands * Receives server’s replies * Persistent command and reply connection Non-persistent data connection *Server uses port 20 for data connections FTP’s 2 Connections
User Interface User Data Transfer Function User Protocol Interpreter Server Protocol Interpreter Server Data Transfer Function client server Control Connection Data Connection ftp> open strauss.udel.edu Connected to strauss.udel.edu 220 strauss FTP server ready. USER ganesh 331 Password req for ganesh. Password: PASS mypass 230 User ganesh logged in. ftp> FTP’s 2 Connections - Establishment
(19×256) :5001 User Data Transfer Function Server Data Transfer Function User Interface User Protocol Interpreter Server Protocol Interpreter client server Control Connection Data Connection ls client.txt Passive open on Port 5001 PORT 128,4,40,17,19, Port Command SucessfulLIST client.txt 150 Data Connection will be open shortly 226 Closing Data Connection -rw-r--r-- lucasb client.txt Establish Data Connection User Protocol Interpreter Server Protocol Interpreter ,137 FTP’s 2 Connections – Data Transfer
User Interface User Protocol Interpreter Server Protocol Interpreter client server Control Connection Data Connection User Data Transfer Function Server Data Transfer Function bye QUIT 221 Service Closing FTP’s 2 Connections – Connection Closing
ftp> open server SYN SYN|ACK ACK 220 Service Ready ftp> USER ganesh ACK 331 User OK,password? ACK ftp> PASS mypass ACK 230 User login OK ACK Client Server 21 Eph FTP Connection
PORT 128,4,40,17,19, Command Successful SYN LIST client.txt SYN-ACK ACK 150 Data Connection will be open shortly NAME LIST FIN FIN-ACK 226 Closing Data Connection ACK Control connection Data Connection Client Server ACK Eph FTP – Data transfer (get command)
PORT 128,4,40,17,19, Command Successful SYN LIST client.txt SYN-ACK ACK 150 Data Connection will be open shortly Client.txt FIN FIN-ACK 226 Closing Data Connection ACK Control connection Data Connection Client Server ACK Eph FTP – Data transfer (put command)
CommandDescription get filename Retrieve file from server mget filename* Retrieve multiple files from server put filename Copy local file to server mput filename* Copy multiple local files to server open server Begin login to server bye / close / exit Logoff server ls / dir List files in current remote dir on server lcd Change local directory cd Change remote directory rhelp / remotehelp Lists commands the server accepts FTP Client Commands (issued by user interface) *Server sends list of matching files to client, Client protocol interpreter asks the user for operation on each matching file.
CommandDescription LIST [ filelist ] List files or directories (ls / dir) USER username Send username to server PASS password Password on server PORT h1,h2,h3,h4,p1,p2 Client IP and port number RETR filename Retrieve (get) filename STOR filename Store (put) filename TYPE (A, I, E, N or T) Defines the file type or print format A-PDU FTP Commands
ReplyDescription 1 yz 2 yz 3 yz 4 yz 5 yz Positive preliminary reply.The action is being started but expect another reply before sending another cmd. Positive completion reply. A new cmd can be sent. Positive intermediate reply. The cmd has been accepted but another cmd must be sent. Transient negative completion reply. The requested action did not take place but can be sent later Permanent negative completion reply. Cmd not accepted and should not be reissued. x0zx1zx2zx3zx4zx5zx0zx1zx2zx3zx4zx5z Syntax Information Connections. Replies referring to control or data connections. Authentication and accounting Unspecified Filesystem status FTP Response Format
120 Service will be ready shortly 200 Command OK 230 User login OK 331 User name OK; password is needed 421 Service not available 530 User not logged in 552 Requested action aborted; exceeded storage allocation Example FTP Responses
FTP has 2 connections -Control (persistent connection) -Server issues a passive open on well-known 21 -Client uses an ephemeral port to issue active open -Server ultimately closes control connection -Data (ephemeral connection) -Client issues passive open on an ephemeral port -Client sends this port to server via PORT command -Server receives the port number and issues active open using its well-known 20 to the received ephemeral port Summary of FTP Connections
PORT does not always work…why? Instead, use PASV command –Client sends PASV command to server –Server chooses ephemeral port: passive open –Server responds with IP, Port in reply (227) –Client issues active open to server’s port Ultimately, the data sender closes connection Data Connection
User Data Transfer Function Server Data Transfer Function User Interface User Protocol Interpreter Server Protocol Interpreter client server Control Connection Data Connection ls client.txt Passive open on Port 5125 PASV227 Entering Passive Mode (128,4,40,42,20,5)LIST client.txt 150 Data Connection will be open shortly 226 Closing Data Connection -rw-r--r-- lucasb client.txt Establish Data Connection User Protocol Interpreter Server Protocol Interpreter FTP Passive Data Transfer
Used only to read and write files from/to a remote server –Cannot list directories Useful for bootstrapping diskless systems TFTP UDP IP Ethernet Physical Trivial FTP (TFTP)
Diagrams from McGraw-Hill TFTP Message Formats
Diagram from McGraw-Hill TFTP Connection Establishment Client Server 69 Passive open a. Passive open by server Client Server 69 b. Active open by client Active open Client Server c. Rest of communication
Diagram from McGraw-Hill TFTP Data Transfer
Read Request RRQ “fullOS” DATA 1 ACK 1 Timeout ACK 2 Client Server DATA 2 Timeout ACK 3 DATA 3 First Block of 512 Bytes Sent Block 2 Lost Block 3 Damaged ACK 4 DATA 4 Timeout ACK 4 ACK 4 Lost Eph 69 Eph Timer running TFTP Connection - Timers
DATA 5 ACK 5 Timeout Client Server DATA 5 ACK 5 DATA 6 ACK 6 DATA 6 ACK 6 DATA 7 ACK 7 DATA 7 ACK 7 DATA 8 ACK 8 DATA 8 ACK 8 Block 8 is the Last Block (383 Bytes) ACK 5 is Slow Discard Duplicate Resend Data 6 Data is Sent Twice, Known as The Sorcerer's Apprentice Bug TFTP Connection ( Cont’d )
FTPTFTP 2 connections: control (21) and data (20) 1 connection (69), stop and wait flow Reliable service using TCP Uses UDP, handles own retransmissions Many commands5 message types, only reads/writes files Minimal security using logon procedure No logon or security Larger code size, full- featured Lightweight, designed to fit on ROM FTP vs. TFTP
Security Issues FTP Bounce Attack FTP Server Attacker Victim sthuy Login PORT :5000 LIST Data Connection Control messages
According to FTP protocol, client is *supposed* to specify its own IP address and port number. Port Scan Attack – Attacker gathers information on ports of target machine FTP Bounce Attack ( cont’d )
Attacker: FTP login account: sthuy Target: FTP Bounce Attack ( cont’d )
Method of data transfer which uses the FTP protocol’s PASV mode. Transfer data from one remote server to another (inter-server) without routing this data through the client's connection.inter-server Enabling this can make a server vulnerable to the FTP bounce attack. File Exchange Protocol (FXP)