Research on insecure factors in FTP service programs

  

FTP (File Transfer Protocol) is a very old protocol that has been in use since the Unix days. FTP not only lets multiple users download at the same time; users can also upload files. Over the course of its development it also became possible to execute commands remotely through FTP. FTP generally requires an account and password, and different accounts can be given different permissions. Because it offers so many functions, it has remained quite popular to this day. Here, however, I will talk about the security issues that are likely to occur with FTP services.

An FTP session generally uses two connections: one over which the client and server exchange commands, and one for data transfer. FTP service programs generally support two different modes, Port mode and Passive mode (Pasv mode). Let me first explain how the two modes differ in the way the connection is made.


First assume that the client is C, the server is S.

Port mode:

When client C connects to server S in Port mode, client C sends a command telling server S: "client C has opened port N locally and is waiting for you to make the data connection." When server S receives the Port command, it connects to port N that the client has opened, and the data connection is established.

Pasv mode:

When client C connects to server S, server S sends client C a message saying: "server S has opened port M locally; connect to me now." When client C receives this message, it connects to port M of server S. Once that connection succeeds, the data connection is established.

From the explanation above, you can see that the main difference between the two modes is how the data connection is established. In Port mode, client C opens a port and waits for server S to make the data connection; in Pasv mode, server S opens a port and waits for client C to make the data connection.

Both modes seem fine, but both hide security issues.

Port mode is mostly used when the server is behind a firewall and cannot open a port on the server for the client to connect to in Pasv mode, so Port mode is forced. But the fact that the connection is made by the server itself is inherently a security issue: if the connection is hijacked, the firewall will not take any action on it, because the connection was made by the server itself.

Pasv mode seems much safer than Port mode, but if you think about it carefully you will find that it has problems of its own. The server opens a port and waits for the client to connect; if the server does not check whether the IP connecting to that port is the client's IP, a security issue arises. On many FTP servers the data port opened for the client is random, but falls within a certain range, for example 20000-21000. If the FTP server does not check, when it receives a connection on the data port, whether the connecting IP belongs to a legitimately logged-in user, then users who have not logged in have a good chance of hijacking the connection with a program written for the purpose. An example follows:

Server S receives a command connection from client C (IP=12.12.12.12) using Pasv mode, and server S opens port 20000 to wait for the data connection. At that moment a hacker (IP=11.11.11.11) scans ports 20000 to 20100 of server S, finds that port 20000 is open, and immediately connects to port 20000 of server S. If server S does not check whether 11.11.11.11 is the IP of a legitimately logged-in user, the data connection of the real client C is hijacked: if the command client C sent to server S was to download a file, that file is sent only to the hacker. The hacker can scan at random and hijack different connections, or connect to those ports at the same time, so that many legitimate users' connections are hijacked. What the hacker does after the hijack depends on the hacker's ability and on what he wants to do.

Solution:

For Port mode, since this is a problem with FTP itself, there is no good way to solve it. If you can, allow only Pasv mode and do not allow Port mode.

For Pasv mode, as long as the server checks, when it receives a data connection, that the connecting IP belongs to a legitimate user, the problem of the connection being hijacked can be avoided.
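One way to implement the Pasv check just described, as an added example that is not code from the original article or from any particular FTP server. The function names and the `rejected` list are assumptions made for illustration; `listener` is the socket the server opened for the data connection and `control_peer_ip` is the address of the logged-in command connection.

```python
import ipaddress
import socket
import time


def same_host(a, b):
    """True if two textual IPs name the same host (::ffff:1.2.3.4 == 1.2.3.4)."""
    def norm(text):
        ip = ipaddress.ip_address(text.split("%")[0])  # drop an IPv6 zone id
        mapped = getattr(ip, "ipv4_mapped", None)
        return mapped if mapped is not None else ip
    return norm(a) == norm(b)


def accept_data_connection(listener, control_peer_ip, timeout=30.0, rejected=None):
    """Accept on the Pasv listener until the peer is the logged-in client.

    A connection from any other address is closed and recorded, and the
    server keeps listening, so whoever reaches the port first neither gets
    the transfer nor blocks the real client.
    """
    deadline = time.monotonic() + timeout
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            raise TimeoutError("no data connection from the control peer")
        listener.settimeout(remaining)
        try:
            conn, addr = listener.accept()
        except socket.timeout:
            raise TimeoutError("no data connection from the control peer") from None
        if same_host(addr[0], control_peer_ip):
            return conn, addr
        if rejected is not None:
            rejected.append(addr[0])  # log these: a scan of the Pasv range shows up here
        conn.close()
```

A server would call it as `accept_data_connection(pasv_sock, control_sock.getpeername()[0])`. The comparison is by address only, so it cannot tell apart two hosts that reach the server from the same IP, such as clients behind one NAT gateway.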

The connection hijacking described above is something only a more advanced "hacker" has the opportunity to carry out: FTP service programs differ from one another, so in general the particular FTP service has to be researched first and a program written for it before the attack is possible. The following covers problems through which an average user can intrude into the system via FTP, because the FTP service program was not written with enough attention to security.

This kind of problem is very common, and it generally concerns the restriction on which directories a user can change to after logging in to FTP.

Many FTP programs in use (the most basic FTP services, which only provide upload and download and do not even require a user name and password), such as anonymous ftp (aftp), place no restriction on the directories a logged-in user can change to. A user who logs in can view files in any directory of the system at will, download any file, and upload any file to any directory. I do not need to say how serious this problem is.

Some FTP programs require a user name and password but still place no restriction on the directories the user can access. xftpd, produced by xfocus, is a good example: after logging in, the user can, just as described above, download any file from the system or upload any file to any directory.

Some FTP programs do restrict directory access, but not thoroughly enough, so that a logged-in user can use certain special characters to reach directories that are supposed to be restricted. A good example is the old version of slimftpd. This situation is commonly referred to as a "Directory Traversal Vulnerability", and many older versions of shared FTP servers have had these problems.
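A sketch of the directory restriction the last three paragraphs say is missing or incomplete, as an added example that is not taken from the original article, xftpd or slimftpd. `resolve_ftp_path`, `PathEscape` and the per-account `root` directory are assumptions made for illustration, and a POSIX host is assumed.

```python
import os
import posixpath


class PathEscape(Exception):
    """The client path resolves to a location outside the user's FTP root."""


def resolve_ftp_path(root, virtual_cwd, client_path):
    """Map the path argument of CWD/RETR/STOR to a real path under root.

    root         real directory the account is confined to (assumed layout)
    virtual_cwd  the session's current directory as the client sees it ("/pub")
    client_path  the untrusted argument sent by the client
    Returns (virtual_path, real_path) or raises PathEscape.
    """
    if "\x00" in client_path:
        raise PathEscape("NUL byte in path")
    # Treat "\" as a separator too, so "..\.." is handled as two ".." steps
    # instead of being passed on as one odd-looking file name.
    client_path = client_path.replace("\\", "/")
    # Resolve "." and ".." inside the virtual namespace, where "/" is the
    # account's root: "/pub" + "../../etc" becomes "/etc", never above "/".
    virtual = posixpath.normpath(posixpath.join("/", virtual_cwd, client_path))
    virtual = "/" + virtual.lstrip("/")
    # Follow symlinks on the real file system and verify the result is still
    # inside root; a link under root that points elsewhere is rejected.
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(real_root, *virtual.split("/")))
    if os.path.commonpath([real_root, real]) != real_root:
        raise PathEscape(f"{client_path!r} leaves the FTP root")
    return virtual, real
```

Every command that takes a path goes through the same function, and the server opens only the returned `real_path`, never a string built from the client's argument.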

If you want to set up an FTP server, the advice I can give is to choose a more stable and secure FTP program (of course, you can consider writing one yourself), and to check it for security issues yourself before you actually put it into use. If you write it yourself, you can release some free (not full-featured) versions for users to test, and put it into use once testing shows no problems.

The above comes from researching the FTP protocol with friends while developing an FTP service program. Some mistakes are inevitable. If you see something wrong, you can follow up in the post.
