FTP

From ICANNWiki
Jump to navigation Jump to search

FTP is an acronym for File Transfer Protocol, which is a TCP/IP based network protocol just like the HTTP used to transmit files from one computer to another through the internet. FTP is designed to transfer small multiple files such as images on a web page instead of transferring a single large file. This standard protocol supports pausing, scheduling and restarting of file downloads.

Objectives of FTP[edit | edit source]

Based on RFC 959, FTP has four primary objectives which include:

  1. promote file sharing (computer programs and/or data)
  2. encourage indirect or implicit use of remote computers
  3. shield users from variations in file storage systems among hosts
  4. efficient and reliable data transfer

Background[edit | edit source]

File Transfer Protocol was first introduced by Abhay Bhushan from the Massachusetts Institute of Technology (MIT) Project MAC on April 16, 1971 through RFC 114, which provides the standard definition and the basic commands of the protocol enabling devices specifically computers to communicate or transfer files or messages with each other. [1] [2]

RFC 114 was updated by several RFCs to improve the specifications of FTP such ad RFC 172, RFC 265. On July 8, 1972, Bhustan introduced a major revision of the FTC specifications through RFC 354. Based on the RFC, FTP aims to allow the efficient and reliable transfer of files among HOSTs as well as the convenient use of remote file storage capabilities. [3] Subsequent RFCs were further released providing more improvements on the protocol including RFC 542 in 1973.

In 1974, RFCs 607, 614 and 624 proposed changes in the design of the FTP. These RFCs were followed by RFCs 686 and RFC 691, which provided additional information regarding the printing of files.

The first FTP standard protocol was RFC 765, which was published by Jon Postel in June 1980. This specification described the transition of using TCP instead of NCP as the fundamental protocol for FTP. [4]

Current FTP Standard Specification[edit | edit source]

The latest FTP standard specification implemented by the Internet Engineering Task Force (IETF) was RFC 959 which was published by Jon Postel and Joyce Reynolds on October 1985. The current RFC included new commands such as CDUP (Change to Parent Directory), SMNT (Structure Mount), STOU (Store Unique), RMD (Remove Directory), MKD (Make Directory), PWD (Print Directory) and SYST (System).[5]

FTP Commands[edit | edit source]

Access Control Commands[edit | edit source]

  • USER NAME (USER)
  • PASSWORD (PASS)
  • ACCOUNT (ACCT)
  • CHANGE WORKING DIRECTORY (CWD)
  • CHANGE TO PARENT DIRECTORY (CDUP)
  • STRUCTURE MOUNT (SMNT)
  • REINITIALIZE (REIN)
  • LOGOUT (QUIT)

Transfer Parameter Commands[edit | edit source]

  • DATA PORT (PORT)
  • PASSIVE (PASV)
  • REPRESENTATION TYPE (TYPE)
  • FILE STRUCTURE (STRU)
  • TRANSFER MODE (MODE)

FTP Service Commands[edit | edit source]

  • RETRIEVE (RETR)
  • STORE (STOR)
  • STORE UNIQUE (STOU)
  • APPEND (with create) (APPE)
  • ALLOCATE (ALLO)
  • RESTART (REST)
  • RENAME FROM (RNFR)
  • RENAME TO (RNTO)
  • ABORT (ABOR)
  • DELETE (DELE)
  • REMOVE DIRECTORY (RMD)
  • MAKE DIRECTORY (MKD)
  • PRINT WORKING DIRECTORY (PWD)
  • LIST (LIST)
  • NAME LIST (NLST)
  • SITE PARAMETERS (SITE)
  • SYSTEM (SYST)
  • HELP (HELP)
  • NOOP (NOOP)

Anonymous FTP[edit | edit source]

An anonymous FTP allows a remote user to securely access a certain part of a disk space by creating an FTP connection and logging on to the system using anonymous as the username and the e-mail id as password.[6]

Security Issues[edit | edit source]

Although the FTP was designed to transfer data efficiently and reliably, the protocol has security loopholes because data are transmitted on a plain text and it does have any provision for data encryption. Hackers can easily steal users passwords, read and monitor private files and conversations and they can also install viruses.[7] Mark Allman from NASA Glenn Research Center/Sterling Software and Shawn Ostermann from Ohio University School of Electrical Engineering and Computer Science wrote RFC 2577 and identified three security problems associated with FTP such as Bounce Attacks, Spoof attacks and Denial of Service Attacks and suggested measures to reduce or prevent security problems associated with FTP.[8]

References[edit | edit source]