Extensions to FTP:
The Need and Advantages
Submitted by
Vinit Nagda
Table of Contents
1. FTP – An Overview 1
1.1 The FTP Model 1
1.2 FTP Commands 1
1.3 FTP Replies 2
1.4 Data Transfer Modes 2
2. Need for extensions 2
2.1 Bounce Attack 2
2.2 Anonymous FTP 2
2.3 Protecting Privacy 2
2.4 Protecting Passwords 2
2.5 Protecting Usernames 2
2.6 Software Problems 3
3. The FTPEXT working group 3
4. Extensions to the Original FTP Protocol 3
4.1 Extension for Remote Command Execution 3
4.2 Extension for Protecting Against the Bounce Attack 3
4.3 Extension for Restarting interrupted file transfer 4
4.4 Extension for IPv6 and NAT’s 4
4.5 Extension for FTP Security (RFC 2228) 4
5. Secure File Transfer 4
5.1 SSH 4
5.2 Secure File Transfer Program (SFTP) 4
5.3 Secure Copy (SCP) 5
5.4 Port Forwarding 5
6. Advantages of Secure File transfer over FTP 5
7. Disadvantages 5
8. Three points to remember 5
9. References 6
1. FTP – An Overview
FTP (File Transfer Protocol) allows a person to transfer files between two computers, generally connected via the Internet. Using FTP one can access very large amounts of files available on a great number of computer systems. When using FTP, you use a program, called a 'client' to connect to a machine that holds the files, a 'server'.
FTP is designed primarily to
§ Promote sharing of files,
§ Encourage use of remote computers,
§ Transfer data reliably and efficiently and,
§ Screen a user from variations in file storage systems among hosts.
1.1 The FTP Model
Control functions (commands and reply codes) are transferred over the control connection. The control connection follows the Telnet Protocol. The control connection is a ‘well known service’. All data transfer takes place over the data connection. The control connection must be ‘up’ while the data transfer takes place.
1.2 FTP Commands
Commands in FTP are classified into 3 broad categories:
Access Control Commands
USER: specify user
PASS: specify password
CWD: change directory
CDUP: change directory
to parent.
QUIT: logout /
Transfer Parameter Commands
PORT: publish local data portPASV: server should listen
TYPE: establish data
representation.
MODE: establish transfer
Mode.
STRU: establish file structure /
Service Commands
RETR: retrieve fileSTOR: send file
STOU: send file and save as
unique.
APPE: send file and append
ABOR: abort previous
service command.
1.3 FTP Replies
All replies are sent over control connection. Replies are a single line containing a 3 digit status code (sent as 3 numeric characters) and a text message. Status code is used by programs, text is for humans.
§ 1st digit of status code indicates type of reply.
§ 2nd digit indicates function groupings.
§ 3rd digit indicates specific problem within function group.
1.4 Data Transfer Modes
FTP supports three modes for data transfer:
§ STREAM: file is transmitted as a stream of bytes.
§ BLOCK: file is transmitted as a series of blocks preceded by hearers containing count and descriptor code (EOF, EOR, restart marker).
§ COMPRESSED: uses a simple compression scheme - compressed blocks are transmitted.
2. Need for extensions
2.1 Bounce Attack
The File Transfer Protocol provides a mechanism that allows a client to establish an FTP control connection and transfer a file between two FTP servers. This "Proxy FTP" mechanism can be used to decrease the amount of traffic on the network; the client instructs one server to transfer a file to another server, rather than transferring the file from the first server to the client and then from the client to the second server. While useful, proxy FTP provides a security problem known as a "Bounce Attack".
The attack involves sending an FTP "PORT" command to an FTP server containing the network address and the port number of the machine and service (in our case let it be SMTP) being attacked. At this point, the original client can instruct the FTP server to send a file to the service (SMTP) being attacked. Such a file might contain commands relevant to the service being attacked (SMTP). This may allow the client to forge mail on the third machine without making a direct connection. Instructing a third party to connect to the service, rather than connecting directly, makes tracking down the attacker difficult and can circumvent network-address-based access restrictions.
2.2 Anonymous FTP
Anonymous FTP refers to the ability of a client to connect to an FTP server with minimal authentication and gain access to public files. Security problems arise when such a user can read all files on the system or can create files.
2.3 Protecting Privacy
All data and control information (including passwords) is sent across the network in unencrypted form by standard FTP. This would again cause a security risk whereby passwords can be stolen through monitoring of local and wide area networks.
2.4 Protecting Passwords
FTP servers do not limit the number of attempts that can be made in order to enter a correct password. This makes FTP vulnerable to “Brute Force Attacks”.
2.5 Protecting Usernames
FTP specifies a different response for valid and invalid usernames. In order to prevent a malicious client from determining valid usernames on a server, it is suggested that a server always return the same code (asking user for password) to the USER command and then reject the combination of username and password for an invalid username.
2.6 Software Problems
Apart from the weaknesses in the protocol, there are a number of documented FTP problems that are due to poor implementation as well.
3. The FTPEXT working group
As we can see, FTP has a number of weaknesses, as a result of which some extensions to the protocol are required. Also since the specification of the protocol is more than 17 years old (RFC 959 was published in 1985), a lot of things have changed since then, and the protocol has been extended to accommodate these changes as well. For example the original Internet Protocol (IPv4) used a 32 bit network address which is no longer the case with the new version of the protocol (IPv6). Hence extensions to the FTP protocol have been proposed to work over both IPv4 as well as IPv6.
An IETF working group named “Extensions to FTP” (ftpext) has been formed since 1995 and it is working towards proposing and developing extensions to the existing protocol.
Some of its objectives are as follows:
§ Recommend changes to the FTP protocol to support users of languages other than English.
§ Make recommendations for the standard protocol extensions to support IPv6 in FTP.
§ Define a mechanism for ftp clients and servers to transmit information regarding extensions supported and not supported.
§ Propose extensions, and/or review proposals submitted by others, to improve the security of FTP.
§ Define a standardized method of checkpoint/restart which works for the stream transfer mode.
§ Define a means of file transfer between a client and server (as opposed to a client mediating a transfer between two servers) which does not require the IP addresses of the endpoints to be transmitted in the FTP protocol.
4. Extensions to the Original FTP Protocol
A number of extensions to the standard FTP Protocol have been proposed. Some of them are as follows:
4.1 Extension for Remote Command Execution
FTP extension, "SITE EXEC", allows clients to execute arbitrary commands on the server. This feature should obviously be implemented with great care. There are several documented cases of the FTP "SITE EXEC" command being used to subvert server security.
4.2 Extension for Protecting Against the Bounce Attack
The original FTP specification assumes that data connections will be made using the Transmission Control Protocol (TCP), which reserves port numbers in the range 0 - 1023 are reserved for well-known services. To avoid such bounce attacks, it is suggested that servers not open data connections to TCP ports less than 1024. Also techniques using protocols other than TCP have been proposed.
4.3 Extension for Restarting interrupted file transfer
The following commands are extensions to help restart interrupted file transfer in modes that were not supported earlier.
§ MDTM: Get the time when a particular file was last modified.
§ MLST: Gets data about the object named on the command line.
§ MLSD: List the contents of a directory.
§ SIZE: Obtain transfer size of file from server FTP process.
4.4 Extension for IPv6 and NAT’s
We have already seen the requirement for this extension in the above section. The following commands are used to support both the versions of IP.
§ EPRT: Replaces the PORT command. It allows for the specification of an extended address for the data connection.
§ EPSV: Replaces the PASV command. It asks the server to listen on a data port and wait for a connection.
4.5 Extension for FTP Security (RFC 2228)
The following commands are introduced in response to the problems already seen above as well as to increase security. These extensions provide strong authentication, integrity, and confidentiality on the control as well as data channel.
§ AUTH: Authentication / Security mechanism
§ ADAT: This command along with associated replies allows client and server to conduct an arbitrary security protocol.
§ PROT: Indicate to the server what type of data channel protection is required. C: Clear; S: Safe; E: Confidential; P: Private.
§ PBSZ: Specifies the maximum size of the encoded blocks of data to be transferred.
§ CCC: Used in environments where authentication but no integrity checks are required.
§ MIC: Integrity Protected Command.
§ CONF: Confidentiality Protected Command.
§ ENC: Privacy Protected command.
In addition to the above commands, a new class of reply types is introduced for protected replies.
5. Secure File Transfer
In today’s world secure file transfer has gained a lot of importance. Several methods are used for the same. Some of them are as described below.
5.1 SSH
SSH (Secure Shell) is a protocol which provides a secure means of logging into and executing commands on another network computer running Unix (or VMS), and transferring files between computers. It negotiates and establishes an encrypted connection between an SSH client and an SSH server, authenticating the client and server using any of several available encryption algorithms, such as RSA.
5.2 Secure File Transfer Program (SFTP)
SFTP is an interactive file transfer program, similar to FTP, which performs all operations over an encrypted SSH transport. It may also use many features of SSH, such as public key authentication and compression. SFTP connects and logs into the specified host, then enters an interactive command mode.
5.3 Secure Copy (SCP)
SCP is a remote file copy program that copies files between hosts on a network. It uses SSH for data transfer, and uses the same authentication and provides the same security as SSH. Unlike RCP (used in UNIX), SCP will ask for passwords or passphrases if they are needed for authentication. Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. Copies between two remote hosts are permitted.
5.4 Port Forwarding
Port forwarding is a powerful technique that can provide security to TCP/IP applications including e-mail, and File Transfer. Port forwarding, sometimes referred to as tunneling, allows data from normally unsecured TCP/IP applications to be secured. After port forwarding has been set up, Secure Shell reroutes traffic from a program (usually a client) and sends it across the encrypted tunnel, then delivers it to a program on the other side (usually a server). Multiple applications can transmit data over a single multiplexed channel, eliminating the need to open additional vulnerable ports on a firewall or router.
6. Advantages of Secure File transfer over FTP
Secure File Transfer offers the following advantages:
§ Secure transmission of file transfers
§ Many of the secure file transfer methods make use of a number of different authentication schemes. Some of them use public key encryption as well.
§ Encrypted communication channel for data transfers, i.e. data cannot be understood if intercepted during transmission
§ Limited number of attempts for entering password are allowed, thus eliminating the threat of Bruce Force Attack.
7. Disadvantages
§ Secure File Transfer schemes are normally slower than standard FTP. This is because encryption/decryption takes a lot of CPU time.
§ There are very few applications that provide secure file transfer, and they all use non-standard protocols and require installation of applications on both server and client side.
8. Three points to remember
§ File Transfer Protocol (FTP) defines a simple and efficient mechanism for sharing files over a network.
§ However the simplicity of its design and various security loopholes in the protocol itself, make it less secure for use in today’s world.
§ Hence extensions have been proposed to the original protocol, which give it an array of functionalities, the most important of them being security.
9. References
[1] RFC 959
File Transfer Protocol (FTP)
[2] RFC 2228
FTP Security Extensions
[3] RFC 2577
FTP Security Considerations
[4] RFC 2428
FTP Extensions for IPv6 and NATs
[5] Internet draft on Extensions to FTP
draft-ietf-ftpext-mlst-16.txt
[6] The FTPEXT working group
http://www.ietf.org/html.charters/ftpext-charter.html
[7] A Presentation on FTP
http://www.cs.rpi.edu/courses/fall96/netprog/lectures/html/ftp/sld001.htm
7