FTP
What is FTP?
FTPA legacy file-transfer protocol (RFC 959) that uses TCP port 21 for control and port 20 for data, transmitting credentials and files in cleartext and largely deprecated for security reasons.
The File Transfer Protocol, defined in RFC 959, was one of the first Internet protocols, splitting traffic across two TCP connections: a control channel on port 21 for commands such as USER, PASS, RETR, STOR and a data channel on port 20 in active mode or an ephemeral port in passive mode. FTP transmits credentials and file content in cleartext, allowing any on-path attacker to harvest passwords or modify transfers. Variants such as FTPS (FTP over TLS, RFC 4217) add encryption, while SFTP (over SSH) replaces FTP entirely. Modern environments avoid plain FTP, favoring SFTP, HTTPS uploads, or object storage with signed URLs.
● Examples
- 01
A legacy build server still publishes nightly artifacts via ftp upload.example.com.
- 02
A penetration tester sniffs port 21 traffic and recovers admin credentials in plaintext.
● Frequently asked questions
What is FTP?
A legacy file-transfer protocol (RFC 959) that uses TCP port 21 for control and port 20 for data, transmitting credentials and files in cleartext and largely deprecated for security reasons. It belongs to the Network Security category of cybersecurity.
What does FTP mean?
A legacy file-transfer protocol (RFC 959) that uses TCP port 21 for control and port 20 for data, transmitting credentials and files in cleartext and largely deprecated for security reasons.
How does FTP work?
The File Transfer Protocol, defined in RFC 959, was one of the first Internet protocols, splitting traffic across two TCP connections: a control channel on port 21 for commands such as USER, PASS, RETR, STOR and a data channel on port 20 in active mode or an ephemeral port in passive mode. FTP transmits credentials and file content in cleartext, allowing any on-path attacker to harvest passwords or modify transfers. Variants such as FTPS (FTP over TLS, RFC 4217) add encryption, while SFTP (over SSH) replaces FTP entirely. Modern environments avoid plain FTP, favoring SFTP, HTTPS uploads, or object storage with signed URLs.
How do you defend against FTP?
Defences for FTP typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for FTP?
Common alternative names include: File Transfer Protocol.
● Related terms
- network-security№ 1022
SFTP
A secure file-transfer subsystem that runs inside an SSH session on TCP port 22, providing authenticated, encrypted file and directory operations.
- network-security№ 1087
SSH
A cryptographic network protocol (RFC 4251, port 22) that provides authenticated, encrypted, and integrity-protected remote login, command execution, and tunneling over an untrusted network.
- network-security№ 1134
TCP
A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
- network-security№ 1159
TLS (Transport Layer Security)
The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- identity-access№ 076
Authentication
The process of verifying that an entity — user, device or service — really is who or what it claims to be before granting access.
- network-security№ 1136
TCP/IP
The four-layer Internet Protocol Suite that defines how packets are addressed, routed, fragmented, and reliably delivered between hosts across interconnected networks.