File Transfer Protocol (FTP): 20, 21

Security Weaknesses

  • Transmits data, including credentials, in plaintext, making it vulnerable to sniffing.

  • FTP bounce attacks can use the protocol to scan ports or launch attacks from a compromised server.

  • Lacks built-in encryption or authentication mechanisms.

Security Defense and Mitigation Measures

  • Replace FTP with secure alternatives like FTPS or SFTP.

  • Disable anonymous access and enforce strong passwords.

  • Restrict FTP access to specific IP ranges using a firewall.

  • Monitor logs for unusual activity.

Indicators of Compromise or Attack

  • Unusual file uploads or downloads.

  • High volumes of traffic on port 21 (TCP).

  • Unencrypted credentials visible in network captures.
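
An added example (not part of the original page) of log monitoring for the weaknesses listed above: it scans control-channel commands for anonymous logins, PORT commands that point at a host other than the client (the FTP bounce pattern), and many usernames tried from one address. The event format, the sample data and the threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample: (client_ip, control-channel line) pairs, as a sensor
# on TCP/21 might record them. This record format is an assumption.
SAMPLE = [
    ("198.51.100.7", "USER anonymous"),
    ("198.51.100.7", "PASS guest@example.com"),
    ("198.51.100.7", "PORT 10,0,0,5,0,22"),       # third-party host, port 22
    ("203.0.113.9", "USER alice"),
    ("203.0.113.9", "PORT 203,0,113,9,195,80"),   # own address, port 50000
    ("203.0.113.9", "STOR report.pdf"),
    ("192.0.2.44", "USER root"),
    ("192.0.2.44", "USER admin"),
    ("192.0.2.44", "USER backup"),
]

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", re.I)

def parse_port(line):
    """Return (ip, port) from a PORT command, or None if it is malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def find_alerts(events, max_users_per_ip=2):
    """Return (client_ip, reason) tuples for suspicious control commands."""
    alerts, users = [], Counter()
    for client, line in events:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "USER":
            users[client] += 1
            if arg.lower() in ("anonymous", "ftp"):
                alerts.append((client, "anonymous-login"))
            if users[client] == max_users_per_ip + 1:  # alert once per client
                alerts.append((client, "many-usernames"))
        elif verb == "PORT":
            target = parse_port(line)
            if target is None:
                alerts.append((client, "malformed-port"))
            elif target[0] != client:       # data connection aimed elsewhere
                alerts.append((client, "bounce-port-mismatch"))
            elif target[1] < 1024:          # well-known service port
                alerts.append((client, "port-below-1024"))
    return alerts
```

Clients behind NAT may legitimately send a private address in PORT, so mismatch alerts should be tuned against known client ranges before they are acted on.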
