FTP - File Transfer Protocol TFTP – Trivial FTP CISC 856 – Fall 2008
Shriram Ganesh
University of Delaware
(some/most slides courtesy of Brian Lucas, Umakanth Puppala, William Boyer, Vikram Rajan, Michael Haggerty, and Prof Amer)
Overview
File Transfer Protocol (RFC 959)
• Why FTP?
• FTP’s connections
• FTP in action
• FTP commands/responses
Trivial File Transfer Protocol (RFC 1350)
• TFTP and TFTP’s message formats
• FTP and TFTP compared
Network Use
Direct (e.g. telnet)
Indirect (e.g. FTP)
A Bit of History - FTP
• RFC 114 – April 1971: before TCP and IP existed; used NCP to do FTP on ARPANET
• RFC 354 – July 1972: overall communication model
• RFC 542 – August 1973: remarkably similar to today’s FTP; still based on NCP
• RFC 765 – June 1980: FTP over TCP/IP
Why do we need a FTP service?
Purpose: To transfer files between two computers
Goals of FTP Service
• Promote sharing of files (programs and/or data)
• Encourage indirect/implicit use of remote computers
• Shield users from variations in file storage among hosts
• Transfer data reliably and efficiently
Problems of file transfer
• At first, file transfer may seem simple
• Heterogeneous systems use different:
– Operating Systems
– Character Sets
– Naming Conventions
– Directory Structures
– File Structures and Formats
• FTP needs to address and resolve these problems
FTP’s 2 Connections
[Diagram: FTP model – client side (User Interface, User Protocol Interpreter, User Data Transfer Function) and server side (Server Protocol Interpreter, Server Data Transfer Function), joined by a Control Connection (server port 21) and a Data Connection (server port 20)]
* User Interface insulates users from “raw” FTP commands
* User Protocol Interpreter routes “raw” FTP commands and receives server’s replies
* Server is listening on port 21 for connection requests
* Control connection: persistent command and reply connection
* Data connection: non-persistent; server uses port 20 for data connections
FTP’s 2 Connections - Establishment
[Diagram: same FTP model; the Control Connection is established between the User Protocol Interpreter and the Server Protocol Interpreter]
ftp> open strauss.udel.edu
Connected to strauss.udel.edu
220 strauss FTP server ready.
USER ganesh
331 Password req for ganesh.
Password:
PASS mypass
230 User ganesh logged in.
ftp>
FTP’s 2 Connections – Data Transfer
[Diagram: the client’s Data Transfer Function issues a passive open on ephemeral port 5001 (128.4.40.17:5001, sent in the PORT command as 19,137 since (19×256)+137 = 5001); the Server Data Transfer Function then establishes the Data Connection to that port]
ls client.txt
PORT 128,4,40,17,19,137
200 Port Command Successful
LIST client.txt
150 Data Connection will be open shortly
226 Closing Data Connection
-rw-r--r-- lucasb client.txt
FTP’s 2 Connections – Connection Closing
[Diagram: same FTP model; the Control Connection between the User Protocol Interpreter and the Server Protocol Interpreter is closed]
bye
QUIT
221 Service Closing
FTP Connection
[Sequence diagram: client (ephemeral port) and server (port 21) on the control connection; each message is ACKed by the other side]
ftp> open server
SYN / SYN|ACK / ACK (three-way handshake to port 21)
220 Service Ready
ftp> USER ganesh
331 User OK, password?
ftp> PASS mypass
230 User login OK
FTP – Data transfer (get command)
[Sequence diagram: control connection (client ephemeral port to server port 21) and data connection (server port 20 to client port 5001); each message is ACKed]
PORT 128,4,40,17,19,137
200 Command Successful
LIST client.txt
SYN / SYN-ACK / ACK (server opens the data connection from port 20 to port 5001)
150 Data Connection will be open shortly
NAME LIST (sent over the data connection)
FIN / FIN-ACK / ACK (data connection closed)
226 Closing Data Connection
FTP – Data transfer (put command)
[Sequence diagram: control connection (client ephemeral port to server port 21) and data connection (server port 20 to client port 5001); each message is ACKed]
PORT 128,4,40,17,19,137
200 Command Successful
LIST client.txt
SYN / SYN-ACK / ACK (server opens the data connection from port 20 to port 5001)
150 Data Connection will be open shortly
Client.txt (sent over the data connection)
FIN / FIN-ACK / ACK (data connection closed)
226 Closing Data Connection
FTP Client Commands (issued by user interface)
Command               Description
get filename          Retrieve file from server
mget filename*        Retrieve multiple files from server
put filename          Copy local file to server
mput filename*        Copy multiple local files to server
open server           Begin login to server
bye / close / exit    Logoff server
ls / dir              List files in current remote dir on server
lcd                   Change local directory
cd                    Change remote directory
rhelp / remotehelp    Lists commands the server accepts
*Server sends list of matching files to client; client protocol interpreter asks the user for operation on each matching file.
A-PDU FTP Commands
Command                     Description
LIST [filelist]             List files or directories (ls / dir)
USER username               Send username to server
PASS password               Password on server
PORT h1,h2,h3,h4,p1,p2      Client IP and port number
RETR filename               Retrieve (get) filename
STOR filename               Store (put) filename
TYPE (A, I, E, N or T)      Defines the file type or print format
FTP Response Format
Reply   Description
1yz     Positive preliminary reply. The action is being started but expect another reply before sending another cmd.
2yz     Positive completion reply. A new cmd can be sent.
3yz     Positive intermediate reply. The cmd has been accepted but another cmd must be sent.
4yz     Transient negative completion reply. The requested action did not take place but can be sent later.
5yz     Permanent negative completion reply. Cmd not accepted and should not be reissued.

x0z     Syntax
x1z     Information
x2z     Connections. Replies referring to control or data connections.
x3z     Authentication and accounting
x4z     Unspecified
x5z     Filesystem status
Example FTP Responses
• 120 Service will be ready shortly
• 200 Command OK
• 230 User login OK
• 331 User name OK; password is needed
• 421 Service not available
• 530 User not logged in
• 552 Requested action aborted; exceeded storage allocation
Summary of FTP Connections
• FTP has 2 connections
- Control (persistent connection)
  - Server issues a passive open on well-known 21
  - Client uses an ephemeral port to issue active open
  - Server ultimately closes control connection
- Data (ephemeral connection)
  - Client issues passive open on an ephemeral port
  - Client sends this port to server via PORT command
  - Server receives the port number and issues active open using its well-known 20 to the received ephemeral port
Data Connection
• PORT does not always work…why?
• Instead, use PASV command
– Client sends PASV command to server
– Server chooses ephemeral port: passive open
– Server responds with IP, Port in reply (227)
– Client issues active open to server’s port
• Ultimately, the data sender closes connection
FTP Passive Data Transfer
[Diagram: same FTP model; the Server Data Transfer Function issues a passive open on ephemeral port 5125 (reported in the 227 reply as 20,5 since (20×256)+5 = 5125) and the User Data Transfer Function actively opens the Data Connection to it]
ls client.txt
PASV
227 Entering Passive Mode (128,4,40,42,20,5)
LIST client.txt
150 Data Connection will be open shortly
226 Closing Data Connection
-rw-r--r-- lucasb client.txt
Trivial FTP (TFTP)
• Used only to read and write files from/to a remote server
– Cannot list directories
• Useful for bootstrapping diskless systems
[Diagram: protocol stack – TFTP over UDP over IP over Ethernet over Physical]
Diagrams from McGraw-Hill
TFTP Message Formats
Diagram from McGraw-Hill
TFTP Connection Establishment
[Diagram: a. Passive open by server on port 69; b. Active open by client from ephemeral port 50032 to port 69; c. Rest of communication between client port 50032 and server ephemeral port 62000]
Diagram from McGraw-Hill
TFTP Data Transfer
TFTP Connection - Timers
[Diagram: client (ephemeral port) and server (port 69); a timer is running on each outstanding packet]
Read Request RRQ “fullOS”
DATA 1 – first block of 512 bytes sent
ACK 1
DATA 2 – block 2 lost; timeout; DATA 2 resent
ACK 2
DATA 3 – block 3 damaged; timeout; DATA 3 resent
ACK 3
DATA 4
ACK 4 – ACK 4 lost; timeout; ACK 4 resent
TFTP Connection (Cont’d)
[Diagram: the DATA/ACK exchange continues for blocks 5 to 8]
DATA 5
ACK 5 is slow; timeout; DATA 5 resent
ACK 5 (receiver discards the duplicate DATA 5 but ACKs it)
DATA 6 – each ACK 5 triggers a DATA 6, so Data 6 is resent
ACK 6 / DATA 6, ACK 6 / DATA 7, ACK 7 / DATA 7, ACK 7 / DATA 8, ACK 8 / DATA 8, ACK 8
Block 8 is the last block (383 bytes)
Data is sent twice from here on, known as the Sorcerer’s Apprentice Bug
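Added example (Python, not from the slides): the sender side of the read above as a lockstep simulation, using RFC 1350’s 16-bit opcode and block-number layout, contrasting a sender that answers every ACK with one that ignores duplicate ACKs. The function names and the simulation setup are my own construction.

```python
"""TFTP (RFC 1350) sender logic as a lockstep simulation: 512-byte blocks, the
short final block, and the Sorcerer's Apprentice Bug caused by a duplicate ACK."""
import struct

BLOCK_SIZE = 512
OP_DATA, OP_ACK = 3, 4  # RFC 1350 opcodes: 1 RRQ, 2 WRQ, 3 DATA, 4 ACK, 5 ERROR


def split_blocks(payload: bytes) -> list[bytes]:
    """Cut a file into 512-byte blocks; the first block shorter than 512 bytes
    (empty if the size is an exact multiple of 512) tells the receiver it is last."""
    blocks = [payload[i:i + BLOCK_SIZE] for i in range(0, len(payload), BLOCK_SIZE)]
    if not blocks or len(blocks[-1]) == BLOCK_SIZE:
        blocks.append(b"")
    return blocks


def data_packet(block_no: int, data: bytes) -> bytes:
    """DATA packet: 16-bit opcode 3, 16-bit block number (big-endian), then data."""
    return struct.pack("!HH", OP_DATA, block_no) + data


def ack_packet(block_no: int) -> bytes:
    """ACK packet: 16-bit opcode 4 and the acknowledged block number."""
    return struct.pack("!HH", OP_ACK, block_no)


def simulate_read(n_blocks: int, dup_ack_at: int, fixed: bool) -> list[int]:
    """Return the DATA block numbers a sender transmits during an n_blocks read.
    The receiver ACKs every DATA it gets, duplicates included (RFC 1350 behaviour).
    The ACK for block dup_ack_at is delivered twice, standing for the slides' slow
    ACK 5: the sender timed out, resent DATA 5, and now sees an ACK for each copy.
    A buggy sender answers every ACK n with DATA n+1, so from then on each block
    goes out twice; the fixed sender acts only on the ACK for its last sent block."""
    sent, in_flight, last_sent = [1], [1], 1  # DATA 1 follows the accepted RRQ
    while in_flight:
        acks = []
        for blk in in_flight:  # receiver side
            acks.append(ack_packet(blk))
            if blk == dup_ack_at:
                acks.append(ack_packet(blk))  # the duplicated ACK
        in_flight = []
        for pkt in acks:  # sender side
            _, ack = struct.unpack("!HH", pkt)
            if fixed and ack != last_sent:
                continue  # duplicate or stale ACK: nothing to do
            if ack + 1 <= n_blocks:
                sent.append(ack + 1)
                in_flight.append(ack + 1)
                last_sent = ack + 1
    return sent
```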
FTP vs. TFTP
FTP                                           TFTP
2 connections: control (21) and data (20)     1 connection (69), stop and wait flow
Reliable service using TCP                    Uses UDP, handles own retransmissions
Many commands                                 5 message types, only reads/writes files
Minimal security using logon procedure        No logon or security
Larger code size, full-featured               Lightweight, designed to fit on ROM
Security Issues
FTP Bounce Attack
[Diagram: Attacker 10.0.18.30 logs in to the FTP Server as sthuy and sends PORT 10.0.18.35:5000 then LIST over the control connection; the server opens the Data Connection to the Victim 10.0.18.35]
FTP Bounce Attack (cont’d)
• According to FTP protocol, client is *supposed* to specify its own IP address and port number.
• Port Scan Attack – Attacker gathers information on ports of target machine
FTP Bounce Attack (cont’d)
Attacker: 10.0.18.30, FTP login account: sthuy, Target: 10.0.18.35
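Added example (Python, not from the slides): decoding and encoding the h1,h2,h3,h4,p1,p2 argument carried by the PORT command and by the 227 reply to PASV, plus the server-side check that a PORT host equals the control-connection peer, which is how a bounce-resistant server enforces the “client specifies its own IP address” rule. Function names are my own; the sample addresses are the ones from the slides.

```python
"""Encode, decode and validate FTP PORT / PASV address arguments (RFC 959)."""
import re

# h1,h2,h3,h4,p1,p2: dotted-quad host, then port = p1 * 256 + p2
_ADDR_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_address(arg: str) -> tuple[str, int]:
    """Turn 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1 * 256 + p2)."""
    m = _ADDR_RE.fullmatch(arg.strip())
    if not m:
        raise ValueError(f"malformed address argument: {arg!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field out of range in {arg!r}")
    host = ".".join(str(f) for f in fields[:4])
    return host, fields[4] * 256 + fields[5]


def encode_address(host: str, port: int) -> str:
    """Inverse of decode_address: build the PORT argument for host:port."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ",".join(host.split(".") + [str(port // 256), str(port % 256)])


def parse_pasv_reply(line: str) -> tuple[str, int]:
    """Extract (host, port) from a '227 Entering Passive Mode (h1,...,p2)' reply."""
    if not line.startswith("227"):
        raise ValueError(f"not a 227 reply: {line!r}")
    m = _ADDR_RE.search(line)
    if not m:
        raise ValueError(f"no address in 227 reply: {line!r}")
    return decode_address(m.group(0))


def port_request_allowed(arg: str, control_peer_ip: str) -> bool:
    """Server-side check on a PORT command: accept only if the requested host is
    the client that owns the control connection and the port is not privileged.
    A PORT naming a third host is exactly the bounce pattern from the slides;
    refusing it is the mitigation bounce-resistant servers apply."""
    try:
        host, port = decode_address(arg)
    except ValueError:
        return False
    return host == control_peer_ip and port >= 1024
```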
File Exchange Protocol (FXP)
• Method of data transfer which uses the FTP protocol’s PASV mode.
• Transfer data from one remote server to another (inter-server) without routing this data through the client’s connection.
• Enabling this can make a server vulnerable to the FTP bounce attack.