TCP File Transfer

Port 20 (FTP Data)

Learn about port 20 (FTP Data) - security risks, vulnerabilities, and common uses. Find devices with port 20 open.

Quick Info

Port Number: 20
Protocol: TCP
Service: FTP Data
IANA Name: FTP Data

Service Description

TCP port 20 is traditionally associated with the File Transfer Protocol (FTP) for data transfer. FTP operates using two separate TCP connections: one for control (port 21) and another for data transfer (port 20). In active FTP mode, the client initiates the control connection to the server on port 21. When a file transfer is required, the server opens the data connection back to the client, from its own port 20 to a dynamically allocated port above 1023 on the client. This mechanism is the core function of port 20, enabling the transfer of files between client and server. The data connection is established only when a transfer is initiated and is torn down afterwards, making it ephemeral in nature. The protocol itself is relatively old, dating back to the early days of the internet, and predates many modern security practices.

Firewall Recommendations

Due to the inherent security risks and the availability of more secure alternatives such as SFTP (SSH File Transfer Protocol) and FTPS (FTP Secure), the use of active FTP, and consequently of port 20, is generally discouraged. If active FTP must be used, it is crucial to implement robust firewall rules so that inbound data connections (which arrive from the server's port 20 at the client's ephemeral port) are accepted only from trusted FTP server addresses. Consider using passive FTP instead, which eliminates the need for the server to initiate connections to the client. If possible, disable FTP entirely and migrate to a more secure file transfer protocol. Where connections are allowed, inspect traffic for malicious payloads and deploy intrusion detection/prevention systems. Logging and monitoring of FTP traffic are also essential for detecting suspicious activity.

Security Information

Port 20, when used in active FTP mode, presents several security concerns. The primary risk stems from the server initiating a connection back to the client. This requires the client to open a port and listen for incoming connections, which can be problematic for clients behind firewalls or Network Address Translation (NAT) devices. This configuration inherently weakens the client's security posture. Attackers can exploit this by spoofing the source IP address of the FTP server and sending malicious data to the client's open port, potentially leading to data corruption or even system compromise. Furthermore, FTP itself is an unencrypted protocol, meaning that usernames, passwords, and data are transmitted in plaintext, making them vulnerable to eavesdropping and man-in-the-middle attacks. While passive FTP mitigates some risks by having the client initiate both control and data connections, active mode is still sometimes used and poses these dangers.
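The active-mode mechanism from the service description, and the risk noted above of a server connecting back to whatever address it was told over the control channel, as an added example that is not part of this page: a server-side validator for the RFC 959 PORT command (PORT h1,h2,h3,h4,p1,p2). It accepts a data target only when the host matches the control connection's own peer and the port is above 1023, which is the check a server applies so it opens the port-20 data connection to the client it is talking to and never to a third party; the sample commands and the peer address are constructed.

```python
import ipaddress
import re

# RFC 959 PORT syntax: PORT h1,h2,h3,h4,p1,p2 (four address octets, two port bytes).
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)


def parse_port_command(line):
    """Return the (ip, port) a PORT command asks the server to connect to, or raise ValueError."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a well-formed PORT command")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field value out of byte range")
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def validate_data_target(line, control_peer_ip):
    """Decide whether the server may open the requested active-mode data connection.

    Allowed only when the requested host is the control connection's peer and
    the port is unprivileged (> 1023), as active mode expects. Returns (allowed, reason).
    """
    try:
        ip, port = parse_port_command(line)
    except ValueError as exc:
        return False, str(exc)
    if port <= 1023:
        return False, f"port {port} is privileged; active-mode data ports must be above 1023"
    if ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer_ip):
        return False, f"requested host {ip} differs from control peer {control_peer_ip}"
    return True, f"data connection from server port 20 to {ip}:{port} allowed"


if __name__ == "__main__":
    # Constructed sample: a client at 192.0.2.10 sent each command over the control channel.
    peer = "192.0.2.10"
    for cmd in ("PORT 192,0,2,10,4,1",      # 192.0.2.10:1025, matches peer -> allowed
                "PORT 192,0,2,10,0,80",     # port 80 is privileged -> rejected
                "PORT 198,51,100,7,4,1",    # third-party host -> rejected
                "PORT 192,0,2,10,300,1"):   # byte out of range -> rejected
        print(cmd, "->", validate_data_target(cmd, peer))
```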

Common Software

  • FileZilla Server
  • vsftpd
  • ProFTPD
  • Pure-FTPd
  • Serv-U FTP Server
  • Microsoft IIS FTP Server
  • glFTPd
  • NcFTPd
  • CrushFTP
