Ftp

From l7protocols
Jump to navigation Jump to search

FTP is File Transfer Protocol, as defined in RFC 959. It is a common way of downloading files.

Identification

Ports

FTP servers usually run on TCP port 21. However, the actual file transfers occur on unpredictable TCP ports. Netfilter can track these connections for the purposes of getting them through its NAT or to identify them as FTP.

l7-filter

l7-filter uses the ftp pattern. It has been tested against proftpd, vsftpd, wuftpd, warftpd, pureftpd, Bulletproof FTP Server, and whatever ftp.microsoft.com uses. It assumes that the "hello" string following the opening 220 contains the string "ftp" and uses only ASCII characters. In case this is not the case for a server you encounter, some alternate patterns are included in the pattern file.

^220[\x09-\x0d -~]*ftp|331[\x09-\x0d -~]*password

See also