FTP Security with Sockets

File Transfer Protocol (FTP) is a standard network protocol used to transfer files from one host to another over a Transmission Control Protocol (TCP) based network such as the Internet. This protocol can be used to upload or download files from one host to another. It is based on a client-server architecture. This article is about the security issues in FTP, i.e., bounce attack, brute force, spoof attack, port stealing, etc. Port stealing is an issue in FTP that enables cyber criminals to steal data in transit. In this document we present a novel way to solve this problem by using sockets, and secure information by using encryption techniques to encrypt the data in transit.


I. Introduction
Protocol: Protocols exist at several levels in a telecommunication connection. For example, there are protocols for the data interchange at the hardware device level and protocols for data interchange at the application program level. In the standard model known as Open Systems Interconnection (OSI), there are one or more protocols at each layer in the telecommunication exchange that both ends of the exchange must recognize and observe. Protocols are often described in an industry or international standard. The TCP Internet protocols are a common example of this.
FTP Protocol: FTP is a standard network protocol used for the transfer of computer files between a client and server on a computer network. It allows you to have ownership and access restrictions. It hides the details of individual computer systems. FTP is a client-server protocol that relies on two communication channels between client and server: a command channel for controlling the conversation and a data channel for transmitting file content. Clients initiate conversations with servers by requesting to download a file. Using FTP, a client can upload, download, delete, rename, move and copy files on a server. A user typically needs to log on to the FTP server, although some servers make some or all of their content available without login, which is known as anonymous FTP. FTP sessions work in passive or active modes. In the next section we discuss the common issues in FTP.

II. Issues in FTP
A. FTP bounce attack is an exploit of the FTP protocol whereby an attacker is able to use the PORT command to request access to ports indirectly with the victim machine as an intermediary for the request.
B. FTP brute force attack is a way of cracking passwords by guessing. However, these "guesses", delivered one after another, are made very rapidly. They are generated by hacking tools that reference a long list of possible passwords, often called a wordlist.
C. Spoof attack: when access to FTP servers is restricted based on the network address, a cyber-criminal can use an external computer, assume the host address of a computer on the enterprise network, and download files during data transfer.
D. Port stealing: when operating systems assign dynamic port numbers in a particular order or pattern, an attacker can easily decode the pattern and identify the next port number that will be used. When the attacker illegally gains access to a port number, the legitimate client trying to access the file is denied, and the attacker can steal files or even insert a forged or malicious file into the data stream, which will be accessed by other legitimate users in the organization.
Of the issues above, this article focuses on port stealing, which is discussed next.

III. Port Stealing Background
Many operating systems assign dynamic port numbers in increasing order. By making a legitimate transfer, an attacker can observe the current port number allocated by the server and "guess" the next one that will be used. The attacker can make a connection to this port, thus denying another legitimate client the ability to make a transfer. Alternatively, the attacker can steal a file meant for a legitimate user. In addition, an attacker can insert a forged file into a data stream thought to come from an authenticated client. This problem can be mitigated by making FTP clients and servers use random local port numbers for data connections, either by requesting random ports from the operating system or by using system-dependent mechanisms.
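The mitigation above can be sketched as a server-side helper that draws the data port at random rather than taking the next one in sequence. This is an added example, not code from the original article; the port range, the function names and the extra check that the data connection comes from the control connection's address are assumptions of this sketch.

```python
import errno
import secrets
import socket

PASV_RANGE = (49152, 65535)  # assumed data-port range for this sketch

def open_data_listener(bind_ip="127.0.0.1", port_range=PASV_RANGE, attempts=64):
    """Listen on a data port drawn from the OS CSPRNG instead of 'last port + 1'."""
    lo, hi = port_range
    for _ in range(attempts):
        port = lo + secrets.randbelow(hi - lo + 1)
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((bind_ip, port))
            sock.listen(1)
            return sock, port
        except OSError as exc:
            sock.close()
            if exc.errno != errno.EADDRINUSE:
                raise              # a real failure, not just a busy port
    raise RuntimeError("no free port found in range")

def accept_data(listener, control_peer_ip, timeout=5.0):
    """Accept one data connection, but only from the control connection's address."""
    listener.settimeout(timeout)
    conn, (peer_ip, _peer_port) = listener.accept()
    if peer_ip != control_peer_ip:
        conn.close()               # another host reached the port first: refuse it
        return None
    return conn

def demo():
    """Loopback run; returns (ports drawn, [accepted?] per control address)."""
    ports, accepted = [], []
    # 192.0.2.10 is a constructed control-peer address that will not match loopback
    for control_ip in ("127.0.0.1", "192.0.2.10"):
        listener, port = open_data_listener()
        client = socket.create_connection(("127.0.0.1", port), timeout=5.0)
        conn = accept_data(listener, control_ip)
        ports.append(port)
        accepted.append(conn is not None)
        for s in (conn, client, listener):
            if s is not None:
                s.close()
    return ports, accepted

if __name__ == "__main__":
    print(demo())
```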

IV. Port Stealing
Port stealing is a technique that cyber criminals use to sniff in a switched environment when Address Resolution Protocol (ARP) [1] poisoning is not effective (for example, where statically mapped ARP entries are used). It floods the LAN with ARP packets. The destination Media Access Control (MAC) address of each "stealing" packet is the same as the attacker's one (other Network Interface Cards (NICs) will not see these packets); the source MAC address is one of the MACs of the victims. This process "steals" the switch port of each victim. Using low delays, the attacker wins the race condition with the real port owner and receives packets destined to the "stolen" MAC addresses. When the attacker receives packets for "stolen" hosts, it stops the flooding process and performs an ARP request for the real destination of the packet. When the attacker receives the ARP reply, it is sure that the victim has "taken back" his port, so the attacker can re-send the packet to the destination as is. The attacker will not keep the stolen port for himself; he proceeds in the following loop: 1. Steal the port, 2. Receive some data, 3. Give the port back, 4. Forward the data to the real destination, 5. Go back to step 1 by stealing the port again.
Let us say an attacker (evil0, behind switch port 1) wants to steal the switch port of pc2, the victim (port 2). SW1 has to be "tricked" into thinking that pc2 is behind the same switch port as evil0 (port 1). To do that, evil0 has to send an Ethernet packet with bb:00:00:00:00:02 as source MAC address. We say that evil0 has to "spoof" the victim's MAC address, or in other words "forge an Ethernet packet with a spoofed source MAC address". evil0 has to send "whatever" packet (ARP, raw Internet Protocol (IP), Internet Control Message Protocol (ICMP) [2], empty User Datagram Protocol (UDP)/TCP, Domain Name Service (DNS), etc.) with the spoofed source MAC address, and the switch will update the Forwarding Database (FDB) [3] properly. indicating, for example, that a requested service is not available or that a host or router could not be reached, use it.

A. How can Port Stealing be used as a MITM attack?
One can "steal" a port by sending Ethernet frames that fake the victim's source MAC address, with the goal of confusing the switch to the point where the CAM table (Content Addressable Memory table) associates the attacker's port with the victim's MAC address, which is really behind another port. This results in the attacker receiving all the packets that are destined for the victim. However, at this point the attacker is not able to forward the packets to the victim, because the switch still thinks the victim is behind the attacker's port.
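From the defender's side, the steal/give-back loop described above shows up as one MAC address moving back and forth between two switch ports in a short time. The following detection sketch is an added example, not part of the original article; the event tuples, the thresholds and the second host are constructed for illustration, and only the MAC bb:00:00:00:00:02 and ports 1 and 2 come from the text.

```python
from collections import defaultdict, deque

# Constructed MAC-learning events: (seconds, source MAC, switch port).
# bb:00:00:00:00:02 is pc2 from the text (home port 2, attacker on port 1);
# bb:00:00:00:00:03 is a hypothetical host that is re-plugged once.
EVENTS = [
    (0.0, "bb:00:00:00:00:02", 2),
    (0.5, "bb:00:00:00:00:03", 3),
    (3.0, "bb:00:00:00:00:02", 1),   # steal
    (3.4, "bb:00:00:00:00:02", 2),   # give back
    (4.1, "bb:00:00:00:00:02", 1),
    (4.6, "bb:00:00:00:00:02", 2),
    (5.2, "bb:00:00:00:00:02", 1),
    (9.0, "bb:00:00:00:00:03", 4),   # one legitimate move
]

def find_flapping(events, window=10.0, max_moves=3):
    """Return {mac: sorted ports} for MACs that change port more than
    max_moves times within any `window` seconds."""
    last_port = {}
    move_times = defaultdict(deque)   # mac -> timestamps of recent port changes
    ports_seen = defaultdict(set)
    flagged = {}
    for ts, mac, port in sorted(events):
        prev = last_port.get(mac)
        last_port[mac] = port
        if prev is None or prev == port:
            continue                  # first sighting or a refresh, not a move
        ports_seen[mac].update((prev, port))
        recent = move_times[mac]
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()          # forget moves older than the window
        if len(recent) > max_moves:
            flagged[mac] = sorted(ports_seen[mac])
    return flagged

if __name__ == "__main__":
    print(find_flapping(EVENTS))
```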

B. How to avoid Port Stealing:
We can avoid port stealing by making our FTP protocol more reliable and more secure. We can secure our FTP protocol by means of encryption, by making the login password lengthy, and by making the use of special symbols in the password compulsory.

V. Sockets
Sockets allow communication between two different processes on the same or different machines. To be more precise, it is a way to talk to other computers using standard UNIX file descriptors. In UNIX, every I/O action is done by writing or reading a file descriptor. A file descriptor is just an integer associated with an open file and it can be a network connection, a text file, a terminal, or something else. To a programmer, a socket looks and behaves much like a low-level file descriptor. This is because commands such as read() and write() work with sockets in the same way they do with files and pipes. Sockets were first introduced in 2.1BSD (Berkeley Software Distribution) and subsequently refined into their current form with 4.2BSD. The sockets feature is now available with most current UNIX system releases.

A. Where is Socket Used?
A Unix socket is used in a client-server application framework. A server is a process that performs some functions on request from a client. Most of the application-level protocols like FTP, Simple Mail Transfer Protocol (SMTP), and POP3 make use of sockets to establish a connection between client and server and then to exchange data.

B. Socket Types:
There are four types of sockets available to the users. The first two are most commonly used and the last two are rarely used. Processes are presumed to communicate only between sockets of the same type, but there is no restriction that prevents communication between sockets of different types.
3) Raw Sockets - These provide users access to the underlying communication protocols, which support socket abstractions. These sockets are normally datagram oriented, though their exact characteristics are dependent on the interface provided by the protocol. Raw sockets are not intended for the general user; they have been provided mainly for those interested in developing new communication protocols, or for gaining access to some of the more cryptic facilities of an existing protocol.
4) Sequenced Packet Sockets - They are similar to a stream socket, with the exception that record boundaries are preserved. This interface is provided only as a part of the Network Systems (NS) socket abstraction, and is very important in most serious NS applications. Sequenced-packet sockets allow the user to manipulate the Sequence Packet Protocol (SPP) or Internet Datagram Protocol (IDP) headers on a packet or a group of packets, either by writing a prototype header along with whatever data is to be sent, or by specifying a default header to be used with all outgoing data, and allow the user to receive the headers on incoming packets.

VI. Solution
The best possible way is to use one of the above socket schemes to secure data and have safe transit according to the requirements. We know this is not a generic solution, but it is the best solution available with regard to reliability, cost, speed and accuracy. However, we can provide multiple socket schemes in one protocol to make it more generic. Of course, we will not put them all in one protocol, because that would ruin the speed and accuracy factor. Rather, we will use different combinations according to requirements. To make the scheme more generic, we can divide these combinations into different groups, i.e., business, local, public etc.

VII. Conclusion
This article was about how to secure data in transit using FTP. We discussed different issues in FTP and talked about port stealing. For port stealing, we picked sockets as the solution. This is one of the most reliable methods available nowadays. As further work, we plan to explore data encryption costs and methods.

Figure 1: Active Mode
Figure 2: Passive Mode
Figure 3: FTP Client-Server Communication

1) Stream Sockets - Delivery in a networked environment is guaranteed. If you send three items "A, B, C" through the stream socket, they will arrive in the same order - "A, B, C". These sockets use TCP for data transmission. If delivery is impossible, the sender receives an error indicator.
2) Datagram Sockets - Delivery in a networked environment is not guaranteed. They are connectionless because you do not need to have an open connection as in Stream Sockets - you build a packet with the destination information and send it out. They use UDP.
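The ordering and record-boundary behaviour of stream, datagram and sequenced-packet sockets can be observed on a local socket pair. This is an added example, not code from the original article; it assumes Linux (AF_UNIX pairs, including SOCK_SEQPACKET), and the sample records and the two-byte length prefix used to recover boundaries on a stream socket are constructed for illustration.

```python
import socket
import struct

MESSAGES = [b"A", b"BB", b"CCC"]   # constructed sample records

def read_back(sock_type):
    """Send MESSAGES over a local socket pair; return what each recv() yields."""
    tx, rx = socket.socketpair(socket.AF_UNIX, sock_type)
    with tx, rx:
        for msg in MESSAGES:
            tx.send(msg)
        if sock_type != socket.SOCK_STREAM:
            return [rx.recv(4096) for _ in MESSAGES]   # one record per recv()
        reads, want = [], sum(map(len, MESSAGES))
        while sum(map(len, reads)) < want:             # byte stream: no boundaries
            reads.append(rx.recv(4096))
        return reads

def send_record(sock, payload):
    """Frame a record for a stream socket: 2-byte big-endian length, then payload."""
    sock.sendall(struct.pack("!H", len(payload)) + payload)

def recv_exact(sock, n):
    """Read exactly n bytes, since one recv() may return fewer."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-record")
        buf += chunk
    return buf

def recv_record(sock):
    (length,) = struct.unpack("!H", recv_exact(sock, 2))
    return recv_exact(sock, length)

def framed_round_trip():
    """Recover MESSAGES one by one from a stream socket using the length prefix."""
    tx, rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with tx, rx:
        for msg in MESSAGES:
            send_record(tx, msg)
        return [recv_record(rx) for _ in MESSAGES]

if __name__ == "__main__":
    for t in (socket.SOCK_STREAM, socket.SOCK_DGRAM, socket.SOCK_SEQPACKET):
        print(t.name, read_back(t))
    print("framed", framed_round_trip())
```

On a stream socket the bytes arrive in order but the three sends may be returned by a single recv(), which is why a receiver that needs records has to frame them itself.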