EXTENSIONS TO FTP:
THE NEED AND ADVANTAGES
Submitted by
VINIT NAGDA
Table of Contents
1. FTP – AN OVERVIEW
   1.1 THE FTP MODEL
   1.2 FTP COMMANDS
   1.3 FTP REPLIES
   1.4 DATA TRANSFER MODES
2. NEED FOR EXTENSIONS
   2.1 BOUNCE ATTACK
   2.2 ANONYMOUS FTP
   2.3 PROTECTING PRIVACY
   2.4 PROTECTING PASSWORDS
   2.5 PROTECTING USERNAMES
   2.6 SOFTWARE PROBLEMS
3. THE FTPEXT WORKING GROUP
4. EXTENSIONS TO THE ORIGINAL FTP PROTOCOL
   4.1 EXTENSION FOR REMOTE COMMAND EXECUTION
   4.2 EXTENSION FOR PROTECTING AGAINST THE BOUNCE ATTACK
   4.3 EXTENSION FOR RESTARTING INTERRUPTED FILE TRANSFER
   4.4 EXTENSION FOR IPV6 AND NAT’S
   4.5 EXTENSION FOR FTP SECURITY (RFC 2228)
5. SECURE FILE TRANSFER
   5.1 SSH
   5.2 SECURE FILE TRANSFER PROGRAM (SFTP)
   5.3 SECURE COPY (SCP)
   5.4 PORT FORWARDING
6. ADVANTAGES OF SECURE FILE TRANSFER OVER FTP
7. DISADVANTAGES
8. THREE POINTS TO REMEMBER
9. REFERENCES
1. FTP – AN OVERVIEW
FTP (File Transfer Protocol) allows a person to transfer files between two computers, generally
connected via the Internet. Using FTP one can access very large numbers of files held on a
great many computer systems. When using FTP, you use a program called a 'client' to
connect to the machine that holds the files, the 'server'.
FTP is designed primarily to:
- promote sharing of files,
- encourage use of remote computers,
- transfer data reliably and efficiently, and
- screen a user from variations in file storage systems among hosts.
1.1 THE FTP MODEL
[Figure: the FTP model. On the client side, a user interface drives the user PI (Protocol Interpreter), which controls the user DTP (Data Transfer Protocol) and the local file system. On the server side, the server PI controls the server DTP and the server's file system. Commands and replies travel over the control connection between user PI and server PI; file data travels over the data connection between user DTP and server DTP.]
Control functions (commands and reply codes) are transferred over the control connection,
which follows the Telnet Protocol and is offered as a 'well known service'. All data transfer
takes place over a separate data connection, and the control connection must stay 'up' while
the data transfer takes place.
1.2 FTP COMMANDS
Commands in FTP are classified into 3 broad categories:

Access Control Commands
- USER: specify user
- PASS: specify password
- CWD: change directory
- CDUP: change directory to parent
- QUIT: logout

Transfer Parameter Commands
- PORT: publish local data port
- PASV: server should listen
- TYPE: establish data representation
- MODE: establish transfer mode
- STRU: establish file structure

Service Commands
- RETR: retrieve file
- STOR: send file
- STOU: send file and save as unique
- APPE: send file and append
- ABOR: abort previous service command
1.3 FTP REPLIES
All replies are sent over the control connection. Replies are a single line containing a 3-digit
status code (sent as 3 numeric characters) and a text message. The status code is used by
programs; the text is for humans.
- 1st digit of the status code indicates the type of reply.
- 2nd digit indicates the function grouping.
- 3rd digit indicates the specific problem within the function group.
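As an added example (not code from the original report), the following Python parses replies from the control connection into their code and text, including the multi-line form RFC 959 permits, and classifies a code by its first two digits. The sample reply lines are constructed, not captured from a real server.

```python
"""Parse and classify FTP control-connection replies (constructed example)."""
import re

FIRST_DIGIT = {"1": "positive preliminary", "2": "positive completion",
               "3": "positive intermediate", "4": "transient negative completion",
               "5": "permanent negative completion"}
SECOND_DIGIT = {"0": "syntax", "1": "information", "2": "connections",
                "3": "authentication and accounting", "5": "file system"}
_REPLY_START = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_reply(lines):
    """Consume one complete reply from the front of `lines`.

    Returns (code, text_lines, remaining_lines). A first line 'xyz-text' opens a
    multi-line reply that ends at the first following line starting with 'xyz '.
    """
    match = _REPLY_START.match(lines[0])
    if not match:
        raise ValueError(f"malformed reply line: {lines[0]!r}")
    code, separator, text = match.groups()
    body, idx = [text], 1
    if separator == "-":
        while True:
            if idx >= len(lines):
                raise ValueError("unterminated multi-line reply")
            line = lines[idx]
            idx += 1
            if line.startswith(code + " "):  # terminating line: code then a space
                body.append(line[4:])
                break
            body.append(line)
    return code, body, lines[idx:]


def classify(code):
    """Describe a reply code by its first digit (type) and second digit (group)."""
    if len(code) != 3 or not code.isdigit():
        raise ValueError(f"invalid reply code: {code!r}")
    return FIRST_DIGIT.get(code[0], "unknown"), SECOND_DIGIT.get(code[1], "unknown")


# Constructed control-connection fragment, not captured from a real server.
SAMPLE_REPLIES = ["220-Example FTP service", " Service ready for new user",
                  "220 Ready", "331 Password required", "530 Login incorrect"]
```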
1.4 DATA TRANSFER MODES
FTP supports three modes for data transfer:
- STREAM: the file is transmitted as a stream of bytes.
- BLOCK: the file is transmitted as a series of blocks, each preceded by a header containing
  a count and a descriptor code (EOF, EOR, restart marker).
- COMPRESSED: uses a simple compression scheme; compressed blocks are transmitted.
2. NEED FOR EXTENSIONS
2.1 BOUNCE ATTACK
The File Transfer Protocol provides a mechanism that allows a client to establish an FTP control
connection and transfer a file between two FTP servers. This "Proxy FTP" mechanism can be
used to decrease the amount of traffic on the network: the client instructs one server to
transfer a file to another server, rather than transferring the file from the first server to the
client and then from the client to the second server. While useful, proxy FTP creates a
security problem known as a "Bounce Attack".
The attack involves sending an FTP "PORT" command to an FTP server containing the network
address and the port number of the machine and service (in our case let it be SMTP) being
attacked. At this point, the original client can instruct the FTP server to send a file to the
service (SMTP) being attacked. Such a file might contain commands relevant to the service
being attacked (SMTP). This may allow the client to forge mail on the third machine without
making a direct connection. Instructing a third party to connect to the service, rather than
connecting directly, makes tracking down the attacker difficult and can circumvent
network-address-based access restrictions.
2.2 ANONYMOUS FTP
Anonymous FTP refers to the ability of a client to connect to an FTP server with minimal
authentication and gain access to public files. Security problems arise when such a user can
read all files on the system or can create files.
2.3 PROTECTING PRIVACY
All data and control information (including passwords) is sent across the network in
unencrypted form by standard FTP. This would again cause a security risk whereby passwords
can be stolen through monitoring of local and wide area networks.
2.4 PROTECTING PASSWORDS
FTP servers do not limit the number of attempts that can be made in order to enter a correct
password. This makes FTP vulnerable to “Brute Force Attacks”.
2.5 PROTECTING USERNAMES
FTP specifies a different response for valid and invalid usernames. In order to prevent a
malicious client from determining valid usernames on a server, it is suggested that a server
always return the same code (asking user for password) to the USER command and then
reject the combination of username and password for an invalid username.
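As an added example (not code from the original report or any FTP server), the following Python shows the login behaviour sections 2.4 and 2.5 recommend: every USER command gets the same reply, and the number of PASS attempts is capped. The credential store and the attempt limit are constructed assumptions for the example.

```python
"""Uniform USER replies and a cap on PASS attempts (constructed example, sections 2.4/2.5)."""
import hashlib
import hmac
# Constructed credential store: username -> SHA-256 hex of the password. A real
# server would use a slow password hash; the point here is the reply behaviour.
SAMPLE_USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
_DUMMY_DIGEST = hashlib.sha256(b"no such user").hexdigest()


class LoginHandler:
    MAX_ATTEMPTS = 3  # section 2.4: bound the number of password guesses

    def __init__(self, users):
        self._users = users
        self._pending_user = None
        self._attempts = 0
        self.authenticated = False
        self.locked = False

    def handle(self, line):
        """Process one USER/PASS command line and return the reply."""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if self.locked:
            return "421 Too many login attempts; closing control connection"
        if verb == "USER":
            # Section 2.5: the same reply whether or not the name exists, so a
            # client cannot use the USER reply to enumerate accounts.
            self._pending_user = arg
            return "331 Password required"
        if verb == "PASS":
            if self._pending_user is None:
                return "503 Login with USER first"
            self._attempts += 1
            if self._check(self._pending_user, arg):
                self.authenticated = True
                return "230 User logged in"
            if self._attempts >= self.MAX_ATTEMPTS:
                self.locked = True
                return "421 Too many login attempts; closing control connection"
            return "530 Login incorrect"
        return "502 Command not implemented"

    def _check(self, user, password):
        # Compare against a dummy digest for unknown users so the work done (and
        # the reply) does not differ between valid and invalid usernames.
        stored = self._users.get(user, _DUMMY_DIGEST)
        digest = hashlib.sha256(password.encode()).hexdigest()
        return hmac.compare_digest(digest, stored) and user in self._users
```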
2.6 SOFTWARE PROBLEMS
Apart from the weaknesses in the protocol, there are a number of documented FTP problems
that are due to poor implementation as well.
3. THE FTPEXT WORKING GROUP
As we can see, FTP has a number of weaknesses, as a result of which some extensions to the
protocol are required. Also since the specification of the protocol is more than 17 years old
(RFC 959 was published in 1985), a lot of things have changed since then, and the protocol
has been extended to accommodate these changes as well. For example the original Internet
Protocol (IPv4) used a 32 bit network address which is no longer the case with the new
version of the protocol (IPv6). Hence extensions to the FTP protocol have been proposed to
work over both IPv4 as well as IPv6.
An IETF working group named “Extensions to FTP” (ftpext) was formed in 1995 and is
working towards proposing and developing extensions to the existing protocol.
Some of its objectives are as follows:
- Recommend changes to the FTP protocol to support users of languages other than
  English.
- Make recommendations for the standard protocol extensions to support IPv6 in FTP.
- Define a mechanism for FTP clients and servers to transmit information regarding
  extensions supported and not supported.
- Propose extensions, and/or review proposals submitted by others, to improve the
  security of FTP.
- Define a standardized method of checkpoint/restart which works for the stream
  transfer mode.
- Define a means of file transfer between a client and server (as opposed to a client
  mediating a transfer between two servers) which does not require the IP addresses of
  the endpoints to be transmitted in the FTP protocol.
4. EXTENSIONS TO THE ORIGINAL FTP PROTOCOL
A number of extensions to the standard FTP Protocol have been proposed. Some of them are
as follows:
4.1 EXTENSION FOR REMOTE COMMAND EXECUTION
FTP extension, "SITE EXEC", allows clients to execute arbitrary commands on the server. This
feature should obviously be implemented with great care. There are several documented
cases of the FTP "SITE EXEC" command being used to subvert server security.
4.2 EXTENSION FOR PROTECTING AGAINST THE BOUNCE ATTACK
The original FTP specification assumes that data connections will be made using the
Transmission Control Protocol (TCP), in which port numbers in the range 0 - 1023 are
reserved for well-known services. To avoid such bounce attacks, it is suggested that servers
not open data connections to TCP ports less than 1024. Techniques using protocols other
than TCP have also been proposed.
4.3 EXTENSION FOR RESTARTING INTERRUPTED FILE TRANSFER
The following commands are extensions to help restart interrupted file transfer in modes that
were not supported earlier.
- MDTM: Get the time when a particular file was last modified.
- MLST: Get data about the object named on the command line.
- MLSD: List the contents of a directory.
- SIZE: Obtain the transfer size of a file from the server FTP process.
4.4 EXTENSION FOR IPV6 AND NAT’S
We have already seen the requirement for this extension in the section above. The following
commands are used to support both versions of IP.
- EPRT: Replaces the PORT command. It allows the specification of an extended
  address for the data connection.
- EPSV: Replaces the PASV command. It asks the server to listen on a data port and
  wait for a connection.
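As an added example (not code from the original report or any FTP server), the following Python shows the server-side checks sections 4.2 and 4.4 lead to: it parses both the PORT argument and the EPRT argument, refuses data connections to ports below 1024, and additionally requires the data address to match the control-connection peer. The reply texts and the peer-address rule are the example's own assumptions.

```python
"""Server-side checks on PORT (RFC 959) and EPRT (RFC 2428) arguments before an
active-mode data connection is opened (constructed example, sections 4.2/4.4)."""
import ipaddress

MIN_DATA_PORT = 1024  # section 4.2: never open data connections to low ports


def parse_port(arg):
    """PORT h1,h2,h3,h4,p1,p2 -> (IPv4 address string, port)."""
    nums = [int(p) for p in arg.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("PORT needs six integers in the range 0-255")
    host = ".".join(str(n) for n in nums[:4])
    return str(ipaddress.IPv4Address(host)), nums[4] * 256 + nums[5]


def parse_eprt(arg):
    """EPRT <d><proto><d><addr><d><port><d>, proto 1 = IPv4, 2 = IPv6."""
    if len(arg) < 4 or arg[0] != arg[-1]:
        raise ValueError("EPRT argument must be wrapped in a single delimiter")
    fields = arg[1:-1].split(arg[0])
    if len(fields) != 3:
        raise ValueError("EPRT needs protocol, address and port fields")
    proto, addr, port = fields
    family = {"1": ipaddress.IPv4Address, "2": ipaddress.IPv6Address}.get(proto)
    if family is None:
        raise ValueError("EPRT protocol must be 1 (IPv4) or 2 (IPv6)")
    return str(family(addr)), int(port)


def reply_for(verb, arg, peer_ip):
    """Reply a server should send for a PORT/EPRT command from `peer_ip`."""
    try:
        host, port = (parse_port if verb == "PORT" else parse_eprt)(arg)
    except ValueError as exc:
        return f"501 {exc}"
    if not 0 < port < 65536:
        return "501 Port out of range"
    if port < MIN_DATA_PORT:
        # A bounce aims the data connection at a service such as SMTP on a
        # well-known port; refusing low ports closes that path.
        return f"501 Refusing data connection to privileged port {port}"
    if ipaddress.ip_address(host) != ipaddress.ip_address(peer_ip):
        # Requiring the data address to match the control peer blocks bounces
        # to third hosts; it intentionally disables third-party (proxy) transfers.
        return "501 Data address must match the control connection peer"
    return f"200 {verb} command successful ({host} port {port})"
```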
4.5 EXTENSION FOR FTP SECURITY (RFC 2228)
The following commands are introduced in response to the problems already seen above as
well as to increase security. These extensions provide strong authentication, integrity, and
confidentiality on the control as well as the data channel.
- AUTH: Authentication / security mechanism.
- ADAT: This command, along with associated replies, allows client and server to conduct
  an arbitrary security protocol.
- PROT: Indicate to the server what type of data channel protection is required. C:
  Clear; S: Safe; E: Confidential; P: Private.
- PBSZ: Specifies the maximum size of the encoded blocks of data to be transferred.
- CCC: Used in environments where authentication but no integrity checks are required.
- MIC: Integrity Protected Command.
- CONF: Confidentiality Protected Command.
- ENC: Privacy Protected Command.
In addition to the above commands, a new class of reply types is introduced for protected
replies.
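As an added example (not code from the original report or any FTP implementation), the following Python enforces the ordering these commands depend on (AUTH before PBSZ, PBSZ before PROT) and a server policy that file data only moves once PROT P is in effect. The offered mechanism name, the policy and the reply texts are the example's own assumptions.

```python
"""Ordering rules for the RFC 2228 security commands of section 4.5: AUTH before
PBSZ, PBSZ before PROT, and no data transfer until the data channel is private
(constructed example; the policy is the example's, not the RFC's wording)."""

PROT_LEVELS = {"C": "clear", "S": "safe", "E": "confidential", "P": "private"}


class SecurityState:
    def __init__(self, mechanisms=("TLS",), require_private_data=True):
        self.mechanisms = mechanisms          # AUTH mechanisms the server offers
        self.require_private_data = require_private_data
        self.auth = None                      # negotiated mechanism, e.g. "TLS"
        self.pbsz = None                      # protection buffer size
        self.prot = "C"                       # data channel level, clear by default

    def handle(self, line):
        """Process one command line and return the reply a server would send."""
        verb, _, arg = line.partition(" ")
        verb, arg = verb.upper(), arg.strip().upper()
        if verb == "AUTH":
            if arg not in self.mechanisms:
                return "504 Security mechanism not supported"
            self.auth = arg
            return "234 Security data exchange complete"
        if verb == "PBSZ":
            if self.auth is None:
                return "503 AUTH must be issued before PBSZ"
            if not arg.isdigit():
                return "501 PBSZ requires a numeric buffer size"
            self.pbsz = int(arg)
            return f"200 PBSZ={self.pbsz}"
        if verb == "PROT":
            if self.pbsz is None:
                return "503 PBSZ must be issued before PROT"
            if arg not in PROT_LEVELS:
                return "504 Unknown protection level"
            self.prot = arg
            return f"200 Data channel protection level set to {PROT_LEVELS[arg]}"
        if verb == "CCC":
            if self.auth is None:
                return "533 Control connection is not protected"
            return "200 Control channel protection removed"
        if verb in ("RETR", "STOR", "LIST"):
            if self.require_private_data and self.prot != "P":
                # Policy check: refuse to move file data over an unprotected channel.
                return "521 Data connection cannot be opened with this PROT setting"
            return "150 Opening protected data connection"
        return "502 Command not implemented"
```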
5. SECURE FILE TRANSFER
In today’s world secure file transfer has gained a lot of importance. Several methods are used
for it; some of them are described below.
5.1 SSH
SSH (Secure Shell) is a protocol which provides a secure means of logging into and executing
commands on another network computer running Unix (or VMS), and transferring files
between computers. It negotiates and establishes an encrypted connection between an SSH
client and an SSH server, authenticating the client and server using any of several available
encryption algorithms, such as RSA.
5.2 SECURE FILE TRANSFER PROGRAM (SFTP)
SFTP is an interactive file transfer program, similar to FTP, which performs all operations over
an encrypted SSH transport. It may also use many features of SSH, such as public key
authentication and compression. SFTP connects and logs into the specified host, then enters
an interactive command mode.
5.3 SECURE COPY (SCP)
SCP is a remote file copy program that copies files between hosts on a network. It uses SSH
for data transfer, and uses the same authentication and provides the same security as SSH.
Unlike RCP (used in UNIX), SCP will ask for passwords or passphrases if they are needed for
authentication. Any file name may contain a host and user specification to indicate that the file
is to be copied to/from that host. Copies between two remote hosts are permitted.
5.4 PORT FORWARDING
Port forwarding is a powerful technique that can provide security to TCP/IP applications
including e-mail, and File Transfer. Port forwarding, sometimes referred to as tunneling, allows
data from normally unsecured TCP/IP applications to be secured. After port forwarding has
been set up, Secure Shell reroutes traffic from a program (usually a client) and sends it across
the encrypted tunnel, then delivers it to a program on the other side (usually a server).
Multiple applications can transmit data over a single multiplexed channel, eliminating the need
to open additional vulnerable ports on a firewall or router.
6. ADVANTAGES OF SECURE FILE TRANSFER OVER FTP
Secure File Transfer offers the following advantages:
- Secure transmission of file transfers.
- Many of the secure file transfer methods make use of a number of different
  authentication schemes. Some of them use public key encryption as well.
- Encrypted communication channel for data transfers, i.e. data cannot be understood if
  intercepted during transmission.
- Only a limited number of attempts at entering the password are allowed, thus eliminating
  the threat of Brute Force Attack.
7. DISADVANTAGES

- Secure File Transfer schemes are normally slower than standard FTP. This is because
  encryption/decryption takes a lot of CPU time.
- There are very few applications that provide secure file transfer, and they all use
  non-standard protocols and require installation of applications on both the server and the
  client side.
8. THREE POINTS TO REMEMBER

- File Transfer Protocol (FTP) defines a simple and efficient mechanism for sharing files
  over a network.
- However, the simplicity of its design and various security loopholes in the protocol
  itself make it less secure for use in today’s world.
- Hence extensions have been proposed to the original protocol, which give it an array
  of functionalities, the most important of them being security.
9. REFERENCES
[1] RFC 959, File Transfer Protocol (FTP)
[2] RFC 2228, FTP Security Extensions
[3] RFC 2577, FTP Security Considerations
[4] RFC 2428, FTP Extensions for IPv6 and NATs
[5] Internet draft on Extensions to FTP, draft-ietf-ftpext-mlst-16.txt
[6] The FTPEXT working group, http://www.ietf.org/html.charters/ftpext-charter.html
[7] A Presentation on FTP, http://www.cs.rpi.edu/courses/fall96/netprog/lectures/html/ftp/sld001.htm