# Port 21 (FTP Control)
Tags: TCP, Dangerous, File Transfer
## Quick Info
| Field | Value |
|---|---|
| Port Number | 21 |
| Protocol | TCP |
| Service | FTP Control |
| IANA Name | FTP Control |
## Service Description
Network port 21 (TCP) is the standard port for the File Transfer Protocol (FTP) control connection. FTP is a client-server protocol used for transferring files between computers on a network, typically over the Internet. Historically, FTP was one of the earliest protocols used for file sharing, dating back to the early days of the ARPANET. The protocol operates using two distinct TCP connections: the control connection (port 21) and the data connection (port 20 by default, or a dynamically negotiated port in passive mode). The control connection is responsible for authentication, issuing commands (e.g., `LIST`, `RETR`, `STOR`), and receiving responses from the server. This connection remains open for the duration of the FTP session.
At a technical level, the client initiates a TCP connection to the FTP server on port 21. After a successful connection, the server responds with a greeting. The client then authenticates by providing a username and password. Once authenticated, the client can send commands to the server to navigate directories, list files, and initiate file transfers. File transfers themselves occur over the data connection. FTP supports two modes for data connections: active and passive. In active mode, the client opens a port and informs the server to connect to it. In passive mode, the server opens a port and informs the client to connect to it. Passive mode is often used when the client is behind a firewall or NAT, as it avoids the need for the server to initiate a connection to the client.
## Firewall Recommendations
Given the inherent security risks associated with FTP, it's generally recommended to block port 21 unless absolutely necessary. If FTP is required, consider using a secure alternative like SFTP (SSH File Transfer Protocol) which uses port 22, or FTPS (FTP Secure) which uses TLS/SSL encryption, typically on port 990 or 21 with explicit TLS. If you must use FTP, implement the following best practices: restrict access to authorized IP addresses only, enforce strong passwords, disable anonymous login, monitor FTP traffic for suspicious activity, and keep the FTP server software up-to-date with the latest security patches. Consider using passive mode to avoid firewall traversal issues. If possible, migrate to a more secure protocol like SFTP or FTPS to minimize the attack surface.
## Security Information
FTP, especially in its unencrypted form, presents significant security risks. The transmission of usernames, passwords, and data in plaintext makes it vulnerable to eavesdropping and interception using packet sniffers. Attackers can capture credentials and gain unauthorized access to the server, potentially leading to data breaches, malware uploads, and server compromise. Furthermore, FTP's active mode can pose firewall traversal issues and expose internal network addresses. The lack of built-in security features like encryption and integrity checking makes it a prime target for man-in-the-middle attacks, where attackers can intercept and modify data in transit. Due to these inherent vulnerabilities, FTP is often targeted by attackers seeking to exfiltrate sensitive data or establish a foothold within a network.
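The passive-mode port negotiation described in the Service Description, the "disable anonymous login" and "monitor FTP traffic" recommendations above, and the plaintext-eavesdropping point of this section can all be illustrated with one small analyzer. The following Python is an added example written for this page; it is not ScaniteX code or part of any FTP server. It walks a constructed port-21 control-channel transcript (the `C:`/`S:` line format and the session contents are made up for the example), decodes the `227` passive-mode reply into a host and data port (`p1*256 + p2`), and raises the alerts a monitoring rule would raise: credentials crossed the wire in the clear, an anonymous login was accepted, and a negotiated data port fell outside an assumed firewall-permitted passive range (50000-50100 is a placeholder policy, not a standard).

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed transcript of one plaintext FTP control session, written the way it
# would read on a port-21 capture. "C:" is client -> server, "S:" is server -> client.
# Sample data only; the host 192.0.2.10 is documentation address space.
SAMPLE_SESSION = """\
S: 220 Welcome
C: USER anonymous
S: 331 Please specify the password.
C: PASS guest@example.com
S: 230 Login successful.
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80).
C: LIST
S: 150 Here comes the directory listing.
S: 226 Directory send OK.
C: QUIT
S: 221 Goodbye.
"""

# The six comma-separated octets carried in a 227 reply.
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass
class SessionFindings:
    username: Optional[str] = None
    password_seen: bool = False        # the PASS argument itself is deliberately not retained
    login_ok: bool = False
    passive_endpoints: List[Tuple[str, int]] = field(default_factory=list)
    alerts: List[str] = field(default_factory=list)


def parse_pasv(reply: str) -> Optional[Tuple[str, int]]:
    """Decode a 227 reply: (h1,h2,h3,h4,p1,p2) -> ("h1.h2.h3.h4", p1*256 + p2)."""
    m = PASV_RE.search(reply)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed reply: every field is a single octet
    h1, h2, h3, h4, p1, p2 = nums
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def analyze_session(transcript: str,
                    pasv_range: Tuple[int, int] = (50000, 50100)) -> SessionFindings:
    """Walk the control channel and record what a passive observer can see.

    pasv_range is the assumed firewall policy for passive data ports (placeholder values).
    """
    f = SessionFindings()
    for raw in transcript.splitlines():
        if not raw.strip():
            continue
        side, _, line = raw.partition(": ")
        if side == "C":
            verb, _, arg = line.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                f.username = arg
            elif verb == "PASS":
                f.password_seen = True  # only the fact that it was sent in the clear matters
        elif side == "S":
            code = line[:3]
            if code == "230":
                f.login_ok = True
            elif code == "227":
                endpoint = parse_pasv(line)
                if endpoint is None:
                    f.alerts.append("unparseable 227 reply: " + line)
                else:
                    f.passive_endpoints.append(endpoint)

    if f.password_seen:
        f.alerts.append(f"plaintext credentials for user {f.username!r} crossed port 21")
    if f.login_ok and (f.username or "").lower() in ("anonymous", "ftp"):
        f.alerts.append("anonymous login accepted; disable it unless intended")
    lo, hi = pasv_range
    for _host, port in f.passive_endpoints:
        if not lo <= port <= hi:
            f.alerts.append(f"passive data port {port} is outside the allowed range {lo}-{hi}")
    return f


if __name__ == "__main__":
    result = analyze_session(SAMPLE_SESSION)
    print("passive endpoints:", result.passive_endpoints)
    for alert in result.alerts:
        print("ALERT:", alert)
```

The passive-port check is the part firewall administrators care about: a server that advertises data ports outside the range that was opened for it will produce transfers that hang after `LIST` or `RETR`, and an address in the `227` reply that differs from the server's own address is a sign of NAT misconfiguration. The credential alert stores no secret, only the username and the fact that a `PASS` command was observed, which is all a detection rule needs.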
## Known Vulnerabilities
| CVE | Name | Severity | Description |
|---|---|---|---|
| CVE-2011-2526 | vsftpd Backdoor Command Execution | Critical | vsftpd versions 2.3.4 and earlier contain a backdoor that allows remote attackers to execute arbitrary commands by sending a username that ends with ":)" followed by a crafted command. |
| CVE-2010-4221 | ProFTPD mod_copy Command Execution | High | The mod_copy module in ProFTPD allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SRC and DEST parameters to the SITE CPFR and SITE CPTO commands. |
| CVE-2015-3276 | Pure-FTPd Denial of Service | Medium | Pure-FTPd allows remote attackers to cause a denial of service (CPU consumption) via a large number of connections. |
## Common Software
- FileZilla Server
- vsftpd
- ProFTPD
- Pure-FTPd
- Serv-U FTP Server
- WS_FTP Server
- CuteFTP
- NcFTP