[ale] Still using plain FTP? Why?

Michael B. Trausch mike at trausch.us
Tue Jan 20 04:50:22 EST 2015


On 01/19/2015 11:32 AM, Michael H. Warfield wrote:
> If you don't need something to be secure, anonymous ftp is perfectly fine.  I've had people upload encrypted files to me through anon-ftp many times.  The security is in the file and it was the easiest (only) way they could figure out.  My http upload would bomb out on them from Windows for some reasons we could never figure out and forget about rsync from some windows weenies.  Ftp just works and there are plenty of good clients.  In that regard, ironically, anonymous ftp is vastly more secure and superior to authenticated ftp!  No authentication credentials are exposed and all the security is in the higher level (file) encapsulations as required.

Respectfully, I couldn't possibly disagree with you more.

Let me start with a few statements:

  * Anyone with the time and money to do so can obtain an AS number, an
    IPv4 and/or an IPv6 network block, and two BGP connections between
    other ASes at e.g., an IXP, and obtain transit traffic which is ripe
    for the picking.

  * Simply using FTP gives away at least four potentially useful pieces
    of information: (a) you are looking for or transferring one or more
    files; (b) the names of the files you list, transmit, or receive
    (which people generally fail to protect with the same fervor as the
    file's contents); (c) certain metadata of certain files which are
    listed or transferred (e.g., timestamps, permission bits, usernames
    and/or groups); and (d) the contents of the file, whether in
    plaintext or ciphertext.

  * Easy-to-use clients are available for all operating systems, both
    GUI and command line. (WinSCP is a popular choice among Windows
    users, and can provide either a Windows Explorer type interface or
    an orthodox file manager style interface.)  Of course, nearly all
    non-Windows desktops have SCP and SFTP functionality built-in to the
    GUI in some form or another (this is true for desktops built on GLib
    (including Cinnamon and GNOME), KDE, and OS X).

  * The use of either SCP or SFTP gives away very little information:
    Connection setup and transport are provided by the SSH protocol
    itself, and to an outside observer looks very much the same.  SSH
    provides a *vast* amount of functionality all under one umbrella:
    remote shell, file transfer, forwarding of individual ports,
    forwarding of X11 applications, forwarding of individual sockets
    (port forwarding+socat to connect the forwarded port to a UNIX
    socket, for example), forwarding of entire subnetworks, and bridging
    of network segments... oh, connection masters allowing multiple
    connections between two hosts for a single user, and support for
    arbitrary subsystems. Multiple usages of SSH map to similar or
    identical bandwidth usage profiles.

From these things above, we can assume that the NSA isn't the only
entity which places boxes in places and sniffs around.  Hell, we can
assume that governments aren't the only entities doing it.  And botnets
bypass all of these assumptions, anyway: any one botnet can see lots of
traffic, as botnets don't just live in people's homes, but on business
networks, in data centers, and so forth.  The amount of traffic they can
see is just as immense as the amount of traffic that well-placed nodes
on the Internet which perform transit can, and they don't even need to
pay for the IP addresses!

Can the information leaked by use of FTP be bad?  Well, that depends. 
If a server doesn't normally receive encrypted content, and some shows
up, of course that can be a flag.  And if you're going to encrypt
everything you send anyway, why give that fact away?  Why not just use
SSH?  If you want an equivalent to write-only anonymous FTP, set up an
"anonymous" user that has no password entry on the server, tell OpenSSH
to allow an empty password for that account only, and force it to use
chrooted SFTP within /home/anonymous, with 0300 permissions.  Blends
right in with all the other SSH traffic you have.

It's my position that there is /no/ use for plaintext FTP—or really,
plaintext /anything/—over the Internet any longer. It isn't 1960
anymore: security is inexpensive!  FTP /can/ be a convenient protocol to
use on the LAN or VPON (Virtual Private Overlay Network) for printing
and FAXing, but its time on the public Internet is over, and all but the
very smallest of organizations probably shouldn't even use plaintext
protocols such as FTP on their own network unless there is encryption
provided between hosts by default at either layers 3 or 2.  The argument
that "it's our private network, we should be able to speak cleartext on
it" doesn't really work today.  Yet, as recently as 18 months ago,
several massive corporate networks that I'm aware of /still/ perform
activities in plaintext on their own networks, almost as if they are
absolutely positive that nobody can break in and steal the data of the
businesses' customers...

So I lied in my first email on this thread...  I do willingly use
plaintext FTP occasionally—between my desktop, a switch on my desk, and
the printer also on my desk.  :-)

    — Mike
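
The write-only "anonymous" SFTP account described in the message above can be audited mechanically. The following is an added example, not part of the original post: a small checker that confirms empty passwords are allowed only inside a `Match User anonymous` block that is also chrooted and forced into `internal-sftp`. The sample configuration is constructed, and the extra hardening keywords it requires (forwarding and TTY off) are assumptions beyond what the message specifies.

```python
# Added example: audit an sshd_config for an "anonymous, upload-only SFTP" account.
SAMPLE = """\
# constructed sample configuration, not taken from the original message
PermitEmptyPasswords no

Match User anonymous
    PermitEmptyPasswords yes
    ChrootDirectory /home/anonymous
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
    PermitTTY no
"""

# Keywords the Match block must carry; None means "any value, but present".
REQUIRED = {"chrootdirectory": None, "allowtcpforwarding": "no",
            "x11forwarding": "no", "permittty": "no"}

def parse(text):
    """Return [(match_criteria_or_None, {keyword: value})], one entry per block."""
    blocks = [(None, {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")
        if key == "match":
            blocks.append((value, {}))
        else:
            blocks[-1][1].setdefault(key, value)  # sshd keeps the first value seen
    return blocks

def audit(text, user="anonymous"):
    """Return a list of findings; an empty list means the layout is as intended."""
    findings = []
    for criteria, opts in parse(text):
        if opts.get("permitemptypasswords", "no").lower() != "yes":
            continue
        crit = (criteria or "").split()
        if len(crit) != 2 or crit[0].lower() != "user" or crit[1] != user:
            findings.append(f"empty passwords allowed in scope: {criteria or 'global'}")
            continue
        if not opts.get("forcecommand", "").startswith("internal-sftp"):
            findings.append("anonymous account is not forced into internal-sftp")
        for key, want in REQUIRED.items():
            got = opts.get(key)
            if got is None or (want and got.lower() != want):
                findings.append(f"{key} should be {want or 'set'}")
    return findings
```

sshd requires every component of the `ChrootDirectory` path to be root-owned and not writable by any other user or group, so in practice the 0300 write-only directory has to be a subdirectory inside the chroot (for example a hypothetical `/home/anonymous/upload` owned by the anonymous user).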


