
364    Chapter 6 • Infrastructure Security: Devices and Media

             mode. In passive mode, the server uses a random port for data connection and port
             21 for the control connection.



              EXAM WARNING
                  The Security+ exam requires that you understand how the FTP process
                  works. FTP uses two TCP connections: a control connection, always to
                  server port 21, and a separate data connection for each file transfer
                  or directory listing. The two modes differ in which side opens the data
                  connection.
                      Active Mode
                      1. The FTP client opens the control connection from a random
                  ephemeral port (above 1023) to the server's port 21.
                      2. The client sends a PORT command telling the server which client
                  address and port to connect back to. Traditionally this data port is one
                  higher than the client's control port.
                      3. The server opens the data connection from its port 20 to the
                  client's data port and sends the data over it. Because the server is
                  connecting in to the client, a firewall in front of the client must
                  accept this unsolicited inbound connection.
                      Passive Mode
                      1. The FTP client opens the control connection from a random
                  ephemeral port (above 1023) and reserves the port one higher as its data
                  port.
                      2. The client sends a PASV command asking the server to open a
                  random data port and listen on it.
                      3. The server replies with a 227 "Entering Passive Mode" response
                  carrying the server address and the data port it just opened (in the
                  same h1,h2,h3,h4,p1,p2 format the PORT command uses).
                      4. The client opens the data connection from its data port to the
                  server's announced data port. Only outbound connections from the client
                  are needed, which is why passive mode works better through client-side
                  firewalls and NAT.
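The two handshakes above, played through in code. This is an added example written for this page, not code from the book or from any FTP implementation; the addresses (192.0.2.10, 198.51.100.5) and ports are constructed, and the address-matching check is a common hardening step (RFC 2577) that the exam box itself does not mention. It shows how the h1,h2,h3,h4,p1,p2 tuple in PORT and the 227 reply encodes an address and port (port = p1*256 + p2), which side opens the data connection in each mode, and what a firewall guarding the client therefore has to permit.

```python
import re

# Constructed example of FTP active/passive data-port negotiation (not from the book).
# Addresses and ports below are made up for illustration.

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def encode_hostport(ip, port):
    """Encode ip:port as the h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    octets = ip.split(".")
    if len(octets) != 4 or any(not o.isdigit() or int(o) > 255 for o in octets):
        raise ValueError("bad IPv4 address %r" % ip)
    return ",".join(octets + [str(port // 256), str(port % 256)])


def parse_hostport(text):
    """Extract (ip, port) from a PORT command or a 227 'Entering Passive Mode' reply."""
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]


def announced_address_matches_peer(announced_ip, peer_ip):
    """Hardening check (RFC 2577, an assumption added here, not from the book): the address
    announced in PORT or in the 227 reply should be the host at the other end of the control
    connection, otherwise the data connection can be steered at a third party."""
    return announced_ip == peer_ip


def active_mode(client_ip, client_ctrl_port, server_ip):
    """Active-mode messages and the data connection they produce."""
    if not 1023 < client_ctrl_port < 65535:
        raise ValueError("control port must be an ephemeral port above 1023")
    data_port = client_ctrl_port + 1  # the N+1 convention the exam box describes
    transcript = [
        ("client", "PORT " + encode_hostport(client_ip, data_port)),
        ("server", "200 PORT command successful"),
    ]
    ip, port = parse_hostport(transcript[0][1])
    # The SERVER opens the data connection, from port 20, towards the client.
    data_conn = {"from": (server_ip, 20), "to": (ip, port), "initiated_by": "server"}
    return transcript, data_conn


def passive_mode(client_ip, client_ctrl_port, server_ip, server_data_port):
    """Passive-mode messages and the data connection they produce."""
    if not 1023 < server_data_port <= 65535:
        raise ValueError("server data port must be an ephemeral port above 1023")
    transcript = [
        ("client", "PASV"),
        ("server", "227 Entering Passive Mode (%s)" % encode_hostport(server_ip, server_data_port)),
    ]
    ip, port = parse_hostport(transcript[1][1])
    # The CLIENT opens the data connection, from its own data port, towards the
    # server's announced port; nothing has to be let in through the client's firewall.
    data_conn = {"from": (client_ip, client_ctrl_port + 1), "to": (ip, port), "initiated_by": "client"}
    return transcript, data_conn


def firewall_rule_for(data_conn, protected_ip):
    """Direction a firewall guarding `protected_ip` must permit for the data connection.
    'inbound' means an unsolicited connection has to be accepted into the protected host."""
    src_ip, src_port = data_conn["from"]
    dst_ip, dst_port = data_conn["to"]
    if dst_ip == protected_ip:
        return {"direction": "inbound", "allow": "tcp from %s:%d to port %d" % (src_ip, src_port, dst_port)}
    return {"direction": "outbound", "allow": "tcp to %s:%d" % (dst_ip, dst_port)}


if __name__ == "__main__":
    for name, (msgs, conn) in (
        ("active", active_mode("192.0.2.10", 1025, "198.51.100.5")),
        ("passive", passive_mode("192.0.2.10", 1025, "198.51.100.5", 50000)),
    ):
        print("--", name, "mode --")
        for side, msg in msgs:
            print("%-6s> %s" % (side, msg))
        print("data connection:", conn)
        print("client firewall needs:", firewall_rule_for(conn, "192.0.2.10"))
```

Running the block prints both exchanges; note that the active-mode data connection arrives at the client from server port 20, so a client-side firewall doing deny-by-default must either open that inbound path or track the PORT command (as stateful FTP helpers do), whereas the passive-mode data connection is plain outbound traffic from the client.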




                 To determine what port number to allow, technicians need to know what port
             number the given software uses. To make that determination easier, there are
             lists of common services along with their respective well-known ports. With
             such a list the technician can apply a deny-by-default policy and open only
             the specific port the application needs. For example, to allow Oracle's Siebel
             Customer Relationship Management application through a firewall, they would
             check a port list (or, better, the vendor's documentation) to determine that
             traffic to port 2320 must be permitted. A good place to search for port numbers
             and their associated services online is Wikipedia. This list is fairly up to
             date and covers a very large number of services
             (http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers). You will




          www.syngress.com