Evil_TTL> show | s

FTP


Ports

TCP/20 - FTP Server’s Data port
TCP/21 - FTP Server’s Command Port
N > 1023 - Client’s connection ports

Active FTP

From the perspective of the server-side firewall, the following channels need to be opened:

  1. FTP server’s port 21 from Any (Client initiates connection)
  2. FTP server’s port 21 to ports > 1023 (Server responds to client’s control protocol)
  3. FTP server’s port 20 to ports > 1023
  4. FTP server’s port 20 from port > 1023 (Client sends ACKs to server’s data port)


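Problem: the FTP client doesn’t make the actual connection to the data port of the server. It simply tells the server what port it is listening on, and the server connects back to the specified port on the client. To a firewall on the client’s side this is an inbound connection initiated from outside, which is usually blocked.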

Passive FTP

From the perspective of the server-side firewall, the following channels need to be opened:

  1. FTP server’s port 21 from Anywhere (Client initiates connection)
  2. FTP server’s port 21 to ports > 1023 (Server responds to client’s control protocol)
  3. FTP server’s ports > 1023 from anywhere
  4. FTP server’s ports > 1023 to remote ports > 1023 (Client sends ACKs to server’s data port)
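
The data port in both modes is announced on the control channel: the client's PORT command in active mode, the server's 227 reply to PASV in passive mode (RFC 959). The Python below is an added example, not part of the original post. It parses that announcement and derives the single data connection a stateful firewall could allow instead of the whole > 1023 range. The function names and sample addresses are assumptions, and it assumes no NAT between client and server.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959 PORT / 227 reply).
_HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def parse_hostport(line):
    """Return (ip, port) from a 'PORT ...' command or a '227 ...' reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % line)
    # The port is sent as two bytes, high byte first.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def expected_data_flow(line, client_ip, server_ip):
    """Derive the one data connection implied by a control-channel line.

    Returns (initiator_ip, initiator_port, target_ip, target_port);
    initiator_port None means "any port > 1023".
    """
    ip, port = parse_hostport(line)
    if port <= 1023:
        raise ValueError("data port %d is not above 1023" % port)
    if line.upper().startswith("PORT"):
        # Active: client announced its listener, server connects back from port 20.
        if ip != client_ip:
            raise ValueError("PORT address %s is not the control-channel client" % ip)
        return (server_ip, 20, client_ip, port)
    if line.startswith("227"):
        # Passive: server announced its listener, client connects to it.
        if ip != server_ip:
            raise ValueError("227 address %s is not the control-channel server" % ip)
        return (client_ip, None, server_ip, port)
    raise ValueError("not a PORT command or 227 reply: %r" % line)


# Constructed sample control-channel lines (documentation address ranges).
CLIENT, SERVER = "198.51.100.7", "203.0.113.5"
ACTIVE = expected_data_flow("PORT 198,51,100,7,19,137", CLIENT, SERVER)
PASSIVE = expected_data_flow("227 Entering Passive Mode (203,0,113,5,195,80)", CLIENT, SERVER)
```

Rejecting an announced address that differs from the control-channel peer keeps the derived rule from pointing the data connection at a third host.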


By privilege15