Mark Allman / ICSI @mallman_icsi

Mark Allman, Shawn Ostermann. FTP Security Considerations, May 1999. RFC 2577.
Status: Informational.
TXT | Errata


The specification for the File Transfer Protocol (FTP) contains a number of mechanisms that can be used to compromise network security. The FTP specification allows a client to instruct a server to transfer files to a third machine. This third-party mechanism, known as proxy FTP, causes a well known security problem. The FTP specification also allows an unlimited number of attempts at entering a user's password. This allows brute force "password guessing" attacks. This document provides suggestions for system administrators and those implementing FTP servers that will decrease the security problems associated with FTP.


    author =        "Mark Allman and Shawn Ostermann",
    title  =        "{FTP Security Considerations}",
    year   =        1999,
    month  =        may,
    note   =        "RFC 2577",
"We are what we repeatedly do. Excellence, then, is not an act, but a habit." --Aristotle