FTP - File Transfer Protocol / TFTP – Trivial FTP (CISC 856)

FTP - File Transfer Protocol
TFTP – Trivial FTP
CISC 856 – Fall 2008
Shriram Ganesh, University of Delaware
(some/most slides courtesy of Brian Lucas, Umakanth Puppala, William Boyer, Vikram Rajan, Michael Haggerty, and Prof Amer)
ganesh@cis.udel.edu

Overview
File Transfer Protocol (RFC 959)
• Why FTP?
• FTP’s connections
• FTP in action
• FTP commands/responses
Trivial File Transfer Protocol (RFC 1350)
• TFTP and TFTP’s message formats
• FTP and TFTP compared

A Bit of History - FTP
Network use can be direct (e.g. telnet) or indirect (e.g. FTP).
• RFC 114 – April 1971
  - before TCP and IP existed; used NCP to do FTP on ARPANET
• RFC 354 – July 1972
  - overall communication model
• RFC 542 – August 1973
  - remarkably similar to today’s FTP; still based on NCP
• RFC 765 – June 1980
  - FTP over TCP/IP
• RFC 959 – October 1985
  - the current specification, which the rest of these slides follow

Why do we need an FTP service?
Purpose: to transfer files between two computers
Goals of the FTP service
• Promote sharing of files (programs and/or data)
• Encourage indirect/implicit use of remote computers
• Shield users from variations in file storage among hosts
• Transfer data reliably and efficiently

Problems of file transfer
• At first, file transfer may seem simple
• Heterogeneous systems use different:
  - Operating systems
  - Character sets
  - Naming conventions
  - Directory structures
  - File structures and formats
• FTP needs to address and resolve these problems

FTP’s 2 Connections

Client side:
• User Interface – insulates users from the “raw” FTP commands and replies
• User Protocol Interpreter – routes commands to the server over the control connection, receives the replies, and requests data connections for transfers
• User Data Transfer Function – sends and receives file data on the data connection

Server side:
• Server Protocol Interpreter – listens on well-known port 21 for the control connection
• Server Data Transfer Function – uses port 20 for the data connection (in the active/PORT mode shown on these slides)

Control connection (client ↔ server port 21): persistent, carries commands and replies for the whole session.
Data connection (client ↔ server port 20): non-persistent, one per file transfer or listing.

FTP’s 2 Connections - Establishment

ftp> open strauss.udel.edu
Connected to strauss.udel.edu
220 strauss FTP server ready.
                                   client → server: USER ganesh
331 Password req for ganesh.
Password:                          client → server: PASS mypass
230 User ganesh logged in.
ftp>

The user interface turns the login dialogue into USER and PASS commands that the user protocol interpreter sends over the control connection; the data transfer functions on both sides stay idle until a transfer is requested.

FTP’s 2 Connections – Data Transfer (active/PORT mode)

ftp> ls client.txt
-rw-r--r-- lucasb client.txt

The client (128.4.40.17) does a passive open on ephemeral port 5001 and tells the server about it in a PORT command; the port is sent as two bytes, (19 × 256) + 137 = 5001.

Control connection:
  client → server: PORT 128,4,40,17,19,137
  server → client: 200 Command Successful
  client → server: LIST client.txt
  server → client: 150 Data Connection will be open shortly
  server → client: 226 Closing Data Connection   (after the listing has been sent)

Data connection: the server data transfer function does an active open from its port 20 to 128.4.40.17:5001, sends the listing (-rw-r--r-- lucasb client.txt) and closes the connection.

FTP’s 2 Connections – Connection Closing

ftp> bye
  client → server: QUIT               (control connection)
  server → client: 221 Service Closing

The server then closes the control connection; the data connection was already closed after the last transfer.

FTP Connection (TCP segments on the control connection: client ephemeral port ↔ server port 21)

ftp> open server
  client → server: SYN
  server → client: SYN|ACK
  client → server: ACK
  server → client: 220 Service Ready
  client → server: ACK
ftp> USER ganesh
  client → server: USER ganesh
  server → client: ACK
  server → client: 331 User OK, password?
  client → server: ACK
ftp> PASS mypass
  client → server: PASS mypass
  server → client: ACK
  server → client: 230 User login OK
  client → server: ACK

FTP – Data transfer (get command)

Control connection (client ephemeral port ↔ server 21):
  client → server: PORT 128,4,40,17,19,137
  server → client: ACK
  server → client: 200 Command Successful
  client → server: LIST client.txt   (the slide illustrates the data flow with a listing; a get of the file itself sends RETR client.txt, see the A-PDU command table)
  server → client: ACK
  server → client: 150 Data Connection will be open shortly

Data connection (server port 20 → client port 5001):
  server → client: SYN
  client → server: SYN-ACK
  server → client: ACK
  server → client: name list / file data
  server → client: FIN       (the data sender closes the data connection)
  client → server: FIN-ACK
  server → client: ACK

Control connection:
  server → client: 226 Closing Data Connection

FTP – Data transfer (put command)

Control connection (client ephemeral port ↔ server 21):
  client → server: PORT 128,4,40,17,19,137
  server → client: ACK
  server → client: 200 Command Successful
  client → server: STOR client.txt   (the slide repeats LIST here; a put sends STOR, see the A-PDU command table)
  server → client: ACK
  server → client: 150 Data Connection will be open shortly

Data connection (server port 20 → client port 5001, still opened by the server in PORT mode):
  server → client: SYN
  client → server: SYN-ACK
  server → client: ACK
  client → server: contents of client.txt
  client → server: FIN       (this time the client is the data sender, so it closes)
  server → client: FIN-ACK
  client → server: ACK

Control connection:
  server → client: 226 Closing Data Connection

FTP Client Commands (issued by user interface)

Command               Description
get filename          Retrieve file from server
mget filename*        Retrieve multiple files from server
put filename          Copy local file to server
mput filename*        Copy multiple local files to server
open server           Begin login to server
bye / close / exit    Logoff server
ls / dir              List files in current remote dir on server
lcd                   Change local directory
cd                    Change remote directory
rhelp / remotehelp    Lists commands the server accepts

*Server sends the list of matching files to the client; the client protocol interpreter asks the user for the operation on each matching file.

A-PDU FTP Commands

Command                      Description
USER username                Send username to server
PASS password                Password on server
LIST [filelist]              List files or directories (ls / dir)
PORT h1,h2,h3,h4,p1,p2       Client IP (h1.h2.h3.h4) and port number (p1 × 256 + p2)
RETR filename                Retrieve (get) filename
STOR filename                Store (put) filename
TYPE (A, I, E, N or T)       Defines the file type or print format: A (ASCII), E (EBCDIC) or I (image, i.e. binary); for A and E an optional second parameter N (non-print) or T (Telnet format controls) selects the print format

FTP Response Format

Replies are three digits, xyz. The first digit gives the reply class:
Reply   Description
1yz     Positive preliminary reply. The action is being started but expect another reply before sending another cmd.
2yz     Positive completion reply. A new cmd can be sent.
3yz     Positive intermediate reply. The cmd has been accepted but another cmd must be sent.
4yz     Transient negative completion reply. The requested action did not take place but can be sent later.
5yz     Permanent negative completion reply. Cmd not accepted and should not be reissued.

The second digit gives the category:
x0z     Syntax
x1z     Information
x2z     Connections. Replies referring to control or data connections.
x3z     Authentication and accounting
x4z     Unspecified
x5z     Filesystem status

Example FTP Responses
• 120 Service will be ready shortly
• 200 Command OK
• 230 User login OK
• 331 User name OK; password is needed
• 421 Service not available
• 530 User not logged in
• 552 Requested action aborted; exceeded storage allocation

Summary of FTP Connections
• FTP has 2 connections
  - Control (persistent connection)
    - Server issues a passive open on well-known port 21
    - Client uses an ephemeral port to issue the active open
    - Server ultimately closes the control connection
  - Data (ephemeral connection)
    - Client issues a passive open on an ephemeral port
    - Client sends this port to the server via the PORT command
    - Server receives the port number and issues an active open from its well-known port 20 to the received ephemeral port

Data Connection
• PORT does not always work…why?
  - With PORT the server must open a connection back to the client. A firewall or NAT in front of the client typically blocks inbound connections to an arbitrary ephemeral port, and behind NAT the address the client puts in PORT is a private one the server cannot reach.
• Instead, use the PASV command
  - Client sends PASV command to server
  - Server chooses an ephemeral port: passive open
  - Server responds with IP, Port in its reply (227)
  - Client issues an active open to the server’s port
• Ultimately, the data sender closes the connection

FTP Passive Data Transfer

ftp> ls client.txt
-rw-r--r-- lucasb client.txt

Control connection:
  client → server: PASV
  server → client: 227 Entering Passive Mode (128,4,40,42,20,5)
                   (the server has done a passive open on port (20 × 256) + 5 = 5125)
  client → server: LIST client.txt
  server → client: 150 Data Connection will be open shortly
  server → client: 226 Closing Data Connection   (after the listing has been sent)

Data connection: the client data transfer function does the active open to 128.4.40.42:5125, receives the listing (-rw-r--r-- lucasb client.txt), and the server, as the data sender, closes the connection.

Trivial FTP (TFTP)
• Used only to read and write files from/to a remote server
  - Cannot list directories
• Useful for bootstrapping diskless systems
Protocol stack: TFTP over UDP over IP over Ethernet over the physical layer

TFTP Message Formats (diagrams from McGraw-Hill, not reproduced here)
RFC 1350 defines five message types, each beginning with a 2-byte opcode: RRQ (1) and WRQ (2) carry a filename and a transfer mode, both NUL-terminated strings; DATA (3) carries a 2-byte block number followed by up to 512 bytes of file data; ACK (4) carries the block number being acknowledged; ERROR (5) carries a 2-byte error code and a NUL-terminated message.

TFTP Connection Establishment (diagram from McGraw-Hill)
a. Passive open by server: the server waits for requests on well-known UDP port 69.
b. Active open by client: the client sends its request from an ephemeral port (50032) to server port 69.
c. Rest of communication: the server answers from a new ephemeral port of its own (62000), not from 69; the transfer continues between client port 50032 and server port 62000, leaving port 69 free for requests from other clients.

TFTP Data Transfer (diagram from McGraw-Hill, not reproduced here)

TFTP Connection - Timers

The client sends a read request for “full.OS” from an ephemeral port to server port 69; the server answers from an ephemeral port of its own. Every loss below is recovered by the server’s retransmission timer, which runs while a DATA block is unacknowledged.
  client → server: RRQ “full.OS”
  server → client: DATA 1          (first block of 512 bytes sent, timer running)
  client → server: ACK 1
  server → client: DATA 2          (block 2 lost)
  ... timeout ...
  server → client: DATA 2          (retransmitted)
  client → server: ACK 2
  server → client: DATA 3          (block 3 arrives damaged and is discarded)
  ... timeout ...
  server → client: DATA 3          (retransmitted)
  client → server: ACK 3
  server → client: DATA 4
  client → server: ACK 4           (ACK 4 lost)
  ... timeout ...
  server → client: DATA 4          (retransmitted)
  client → server: ACK 4

TFTP Connection (Cont’d) – the Sorcerer's Apprentice bug
  server → client: DATA 5
  client → server: ACK 5           (ACK 5 is slow)
  ... server timeout ...
  server → client: DATA 5          (retransmitted; the client discards the duplicate data but ACKs it again)
  client → server: ACK 5
  server → client: DATA 6          (in response to the first ACK 5)
  server → client: DATA 6          (in response to the second ACK 5: from here on every block is sent twice, known as the Sorcerer's Apprentice bug)
  client → server: ACK 6, ACK 6
  server → client: DATA 7, DATA 7
  client → server: ACK 7, ACK 7
  server → client: DATA 8, DATA 8  (block 8 is the last block: 383 bytes, shorter than 512)
  client → server: ACK 8, ACK 8
The file still arrives intact, but with twice the traffic. The fix (RFC 1123, section 4.2.3.1) is that a sender must never retransmit the next DATA block in response to a duplicate ACK.
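The exchange above, together with the packet layouts from the TFTP Message Formats slide, as an added worked example (this is not code from the slides or from any TFTP implementation): an encoder/decoder for the five RFC 1350 message types and a small discrete-event simulation of a read transfer in which the client's first ACK for one block arrives after the server's timer has fired. The delays, the timeout, the 3967-byte sample file (7 full blocks plus a final 383-byte block, as on the slide) and all function names are assumptions made for the example. With `fix_duplicate_acks=False` the server behaves as on the slide and sends every block after the slow one twice; with `fix_duplicate_acks=True` it follows RFC 1123 and ignores the duplicate ACK, so only the one timed-out block is retransmitted.

```python
"""Added example: TFTP (RFC 1350) packet formats and the Sorcerer's Apprentice
bug. Not code from the slides; file contents, delays and timeouts are
assumptions chosen so that the slow ACK triggers exactly one retransmission."""
import heapq
import struct

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5   # the five opcodes
BLOCK_SIZE = 512                                # a block shorter than this ends the transfer


def encode_request(opcode, filename, mode="octet"):
    # RRQ / WRQ: opcode | filename | 0 | mode | 0
    return struct.pack("!H", opcode) + filename.encode("ascii") + b"\0" + mode.encode("ascii") + b"\0"

def encode_data(block, payload):
    # DATA: opcode 3 | block number | up to 512 bytes of file data
    return struct.pack("!HH", DATA, block) + payload

def encode_ack(block):
    # ACK: opcode 4 | block number
    return struct.pack("!HH", ACK, block)

def encode_error(code, message):
    # ERROR: opcode 5 | error code | message | 0
    return struct.pack("!HH", ERROR, code) + message.encode("ascii") + b"\0"

def decode(packet):
    """Parse any of the five message types into a dict; raise ValueError on junk."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode in (RRQ, WRQ):
        fields = packet[2:].split(b"\0")
        if len(fields) < 3:          # filename, mode, and the empty piece after the final NUL
            raise ValueError("malformed request")
        return {"opcode": opcode, "filename": fields[0].decode("ascii"),
                "mode": fields[1].decode("ascii").lower()}
    (number,) = struct.unpack("!H", packet[2:4])
    if opcode == DATA:
        return {"opcode": DATA, "block": number, "data": packet[4:]}
    if opcode == ACK:
        return {"opcode": ACK, "block": number}
    if opcode == ERROR:
        return {"opcode": ERROR, "code": number, "message": packet[4:].split(b"\0")[0].decode("ascii")}
    raise ValueError("unknown opcode %d" % opcode)


def simulate_read(data, slow_ack_block, fix_duplicate_acks, delay=1, slow_delay=7, timeout=5):
    """Server sends `data` to a client in lock step over a simulated wire.
    The client's first ACK for `slow_ack_block` arrives after the server's
    retransmission timer fires. Returns (DATA packets sent, bytes the client stored)."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    if len(data) % BLOCK_SIZE == 0:
        blocks.append(b"")                       # exact multiple of 512: an empty block ends the file
    last = len(blocks)
    events, seq = [], 0                          # (time, seq, kind, payload), popped in time order
    acked, cur, data_sends = set(), 0, 0         # server state: ACKed blocks, newest block sent, counter
    expected, received, slowed = 1, bytearray(), False   # client state

    def schedule(t, kind, payload):
        nonlocal seq
        seq += 1
        heapq.heappush(events, (t, seq, kind, payload))

    def send_data(t, block):
        nonlocal data_sends, cur
        data_sends += 1
        cur = max(cur, block)
        schedule(t + delay, "data", encode_data(block, blocks[block - 1]))
        schedule(t + timeout, "timeout", block)  # retransmit unless ACKed by then

    send_data(0, 1)
    while events:
        t, _, kind, payload = heapq.heappop(events)
        if kind == "timeout":
            if payload not in acked:
                send_data(t, payload)
        elif kind == "data":                     # client receives a DATA packet
            pkt = decode(payload)
            if pkt["block"] == expected:
                received.extend(pkt["data"])
                expected += 1
            # a duplicate block is discarded, but RFC 1350 still has the client ACK it
            ack_delay = delay
            if pkt["block"] == slow_ack_block and not slowed:
                slowed, ack_delay = True, slow_delay
            schedule(t + ack_delay, "ack", encode_ack(pkt["block"]))
        else:                                    # server receives an ACK
            block = decode(payload)["block"]
            acked.add(block)
            if block >= last:
                continue                         # last block acknowledged: transfer done
            if fix_duplicate_acks and block != cur:
                continue                         # RFC 1123 4.2.3.1: no DATA in reply to a duplicate ACK
            send_data(t, block + 1)              # buggy sender: every ACK n triggers DATA n+1
    return data_sends, bytes(received)


# Constructed sample file: 7 full blocks plus a final 383-byte block, as on the slide.
SAMPLE_FILE = bytes(range(256)) * 15 + b"x" * 127

if __name__ == "__main__":
    for fix in (False, True):
        sends, got = simulate_read(SAMPLE_FILE, slow_ack_block=2, fix_duplicate_acks=fix)
        print("fix=%s: %d DATA packets for 8 blocks, file intact: %s" % (fix, sends, got == SAMPLE_FILE))
```

Both runs deliver the file intact, because the client discards duplicate blocks; the difference is on the wire: the buggy sender puts 15 DATA packets on the wire for 8 blocks, the RFC 1123 sender 9 (8 blocks plus the single legitimate retransmission). Note that the client side does not need to change, which is why the fix belongs in the sender.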

FTP vs. TFTP

FTP                                            TFTP
2 connections: control (21) and data (20)      1 connection (69), stop-and-wait flow
Reliable service using TCP                     Uses UDP, handles its own retransmissions
Many commands                                  5 message types, only reads/writes files
Minimal security using logon procedure         No logon or security
Larger code size, full-featured                Lightweight, designed to fit in ROM

Security Issues – FTP Bounce Attack

The attacker (10.0.18.30) logs in to the FTP server with the account sthuy and sends, on the control connection:
  PORT 10,0,18,35,19,136     (that is 10.0.18.35:5000, the victim’s address, not the attacker’s own)
  LIST
The server then opens the data connection from its port 20 to the victim 10.0.18.35:5000 and sends the listing there. Control messages flow between attacker and server; the data connection goes from the server to the victim, so the victim sees traffic from the server, not from the attacker.

FTP Bounce Attack (cont’d)
• According to the FTP protocol, the client is *supposed* to specify its own IP address and port number in PORT, but RFC 959 does not require the server to verify that the address is the one the control connection came from.
• Port Scan Attack – the attacker gathers information on the ports of the target machine: for each port, a PORT naming the target followed by LIST makes the server attempt a data connection there, and the server’s reply on the control connection (a 150/226 sequence if the connection succeeded, a 425 “can’t open data connection” if not) reveals whether that port is open. The connection attempts appear to come from the FTP server, so the target’s logs do not show the attacker.

FTP Bounce Attack (cont’d) – example setup
Attacker: 10.0.18.30
FTP login account: sthuy
Target: 10.0.18.35

File Exchange Protocol (FXP)
• A method of data transfer which uses the FTP protocol’s PASV mode.
• Transfers data from one remote server to another (inter-server) without routing the data through the client’s connection: the client sends PASV to one server, passes the address from that server’s 227 reply to the other server in a PORT command, and then issues STOR on one server and RETR on the other, so the two servers open the data connection between themselves.
• Enabling this can make a server vulnerable to the FTP bounce attack, because the server must accept PORT commands that name a host other than the peer of the control connection, which is exactly what the bounce attack relies on.
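The PORT and 227 address encoding used throughout the data-transfer slides, the bounce-attack slides and the FXP slide share one mechanism, so here is one added worked example covering all of them (this is not code from the slides or from any FTP server): the h1,h2,h3,h4,p1,p2 encoder/decoder with the p1 × 256 + p2 arithmetic from the slides, a builder and parser for the PORT command and the 227 reply, a server-side check that refuses a PORT naming any address other than the control-connection peer (the condition the bounce attack and FXP both need), and the client-side counterpart that refuses a 227 reply pointing at a different host. The reply strings, the extra refusal of ports below 1024 (a restriction many servers apply, assumed here) and all function names are assumptions for the example.

```python
"""Added example: RFC 959 PORT / PASV address handling and the server-side
check that defeats the FTP bounce attack. Not code from the slides or from any
FTP server; reply strings and the low-port rule are assumptions for the example."""
import ipaddress
import re

PASV_RE = re.compile(r"227\s.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def encode_hostport(ip, port):
    """IPv4 address and port -> 'h1,h2,h3,h4,p1,p2' (PORT argument / 227 reply payload)."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range")
    octets = str(ipaddress.IPv4Address(ip)).split(".")   # raises ValueError on a bad address
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def decode_hostport(field):
    """'h1,h2,h3,h4,p1,p2' -> (ip, port) with port = p1 * 256 + p2."""
    parts = field.strip().split(",")
    if len(parts) != 6:
        raise ValueError("expected six comma-separated numbers")
    nums = [int(p) for p in parts]                        # ValueError on non-numeric input
    if any(not 0 <= n <= 255 for n in nums):
        raise ValueError("byte out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def build_port_command(client_ip, client_port):
    return "PORT " + encode_hostport(client_ip, client_port)


def build_pasv_reply(server_ip, server_port):
    return "227 Entering Passive Mode (%s)" % encode_hostport(server_ip, server_port)


def parse_pasv_reply(line):
    m = PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 reply")
    return decode_hostport(",".join(m.groups()))


def check_port_command(args, control_peer_ip, allow_fxp=False):
    """Server side: decide whether to honour a PORT received on a control
    connection whose peer address is control_peer_ip; returns the reply line.
    The bounce attack (and FXP) both need the server to accept a third-party address."""
    try:
        ip, port = decode_hostport(args)
    except ValueError:
        return "501 Syntax error in parameters or arguments."
    if port < 1024:                               # assumed extra rule: no data connections to well-known services
        return "500 Illegal PORT command."
    if ip != control_peer_ip and not allow_fxp:   # third-party address: this is the bounce attack
        return "500 Illegal PORT command."
    return "200 PORT command successful."


def check_pasv_reply(line, server_ip):
    """Client side, the passive-mode counterpart: only open the data connection to
    the host the control connection is already talking to."""
    ip, port = parse_pasv_reply(line)
    if ip != server_ip:
        raise ValueError("227 reply points at %s, not the server %s" % (ip, server_ip))
    return ip, port


if __name__ == "__main__":
    print(build_port_command("128.4.40.17", 5001))                           # PORT 128,4,40,17,19,137
    print(parse_pasv_reply("227 Entering Passive Mode (128,4,40,42,20,5)"))  # ('128.4.40.42', 5125)
    # the bounce attack from the slides: attacker 10.0.18.30 names the victim 10.0.18.35:5000
    print(check_port_command("10,0,18,35,19,136", control_peer_ip="10.0.18.30"))
```

Refusing third-party PORT addresses is what closes the bounce attack on the server; setting `allow_fxp=True` re-opens it, which is the trade-off the FXP slide describes. The 501 for unparsable input matters too: a server that falls through to its default on a malformed PORT can end up connecting somewhere unintended.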