FTP operates on ports 20 and 21 but transmits credentials and data in cleartext — making it trivially vulnerable to passive sniffing, Man-in-the-Middle (MITM) attacks, and eavesdropping on any network segment along the path.
SFTP — The Secure Alternative
SFTP uses SSH to encrypt both commands and data, preventing passwords and file contents from being intercepted. Note: SFTP uses a different underlying protocol from FTP — standard FTP clients cannot connect to SFTP servers.
FTP Attack Vectors
| Attack | Mechanism |
|---|---|
| DoS via Lockout | Repeatedly attempt wrong passwords until the user profile is disabled |
| Anonymous FTP Abuse | Anonymous logins allow virus uploads, file overwrites, or trust exploitation |
| FTP Bounce Attack | Attacker instructs server via PORT command to deliver files to a victim, hiding true origin |
| Credential Sniffing | FTP credentials in cleartext easily captured by MITM or passive sniffer |
Securing FTP Traffic
- Migrate to SFTP wherever possible — the single most impactful change.
- Disable anonymous FTP logins; if unavoidable, keep FTP software fully patched.
- Use logon exit programs to restrict FTP access by IP address range per user.
- Log all FTP logon attempts; review regularly.
- Block excessive login attempts and commands exceeding defined lengths.
CISSP Made Easy 