FTP operates on ports 20 and 21 but transmits credentials and data in cleartext — making it trivially vulnerable to passive sniffing, Man-in-the-Middle (MITM) attacks, and eavesdropping on any network segment along the path.

SFTP — The Secure Alternative

SFTP uses SSH to encrypt both commands and data, preventing passwords and file contents from being intercepted. Note: SFTP uses a different underlying protocol from FTP — standard FTP clients cannot connect to SFTP servers.

FTP Attack Vectors

Attack	Mechanism
DoS via Lockout	Repeatedly attempt wrong passwords until the user profile is disabled
Anonymous FTP Abuse	Anonymous logins allow virus uploads, file overwrites, or trust exploitation
FTP Bounce Attack	Attacker instructs server via PORT command to deliver files to a victim, hiding true origin
Credential Sniffing	FTP credentials in cleartext easily captured by MITM or passive sniffer

Securing FTP Traffic

• Migrate to SFTP wherever possible — the single most impactful change.
• Disable anonymous FTP logins; if unavoidable, keep FTP software fully patched.
• Use logon exit programs to restrict FTP access by IP address range per user.
• Log all FTP logon attempts; review regularly.
• Block excessive login attempts and commands exceeding defined lengths.