Fedora Linux Support Community & Resources Center
Old 28th November 2010, 11:06 PM
glennzo Online
Un-Retired Administrator
Join Date: Mar 2004
Location: In your closet
Posts: 15,550
Re: FTP Port

Originally Posted by forkbomb View Post
Eek! I really don't know why people still bother with FTP. It's a legacy protocol, has no build-in encryption, and wreaks havoc on firewalls.

I only skimmed the thread, so sorry if this is repeating something, but it seems the original question hasn't been properly addressed. Okay, deep breath...

There's rarely a technical reason why you can't put a service on any port you desire (between 1 and 65535), assuming you're not trying to run two services on the same machine that are trying to bind to the same port. Most server softwares allow you to pick a port for the daemon to listen on. You could technically have a machine with sshd and httpd, but flip their port numbers so that HTTP is on 22 and ssh is on 80 (not that you'd want to do that).

However (and I realize most people couldn't give two rips about this), by IANA's port number assignments, you're supposed to use 49152-65535 if you desire to run a service on a nonstandard port. So if one wants to stay IANA and RFC compliant, it's not a matter as simple as saying "pick whatever you want."

It's also worth noting that FTP is more complicated than just running on port 21. 21 is the command port. The protocol also uses port 20 for data transfer. (Clients use a port in the dynamic range to speak to the server.) Without getting even more wordy, suffice it to say FTP is a massive PITA from a firewalling standpoint, and one reason why the protocol should be relegated to the dustbin of history (another is the lack of native encryption).

Anywho, Glenn, I believe you already had a thread talking about denyhosts and fail2ban, so I think you're already running SSH. If it were my rodeo I'd just stick with SFTP and call it a day. The SFTP functionality is enabled by default on most distros I've seen with an ssh daemon, and most good graphical FTP clients can use SFTP as well. (Also, don't let the acronyms confuse you. SFTP is a "subsystem" of SSH and really has nothing to do with the original, legacy FTP. Of course, don't get it confused with FTPS or FTPES either. ) Any naughty IPs you block via something like denyhosts or fail2ban apply to SFTP, too.

As for port number obfuscation: meh. It might be worth it, if you're running services for your own use, but only to save some traffic on the interface and keep your logs cleaner. You'll only momentarily delay a real threat who knows what he's doing.
Hrumph! And all I wanted to do was play with FTP. I have no real need for it. Just wanted to make it work, more for something interesting to do than any other reason. So if there is no "best" FTP server then the "best" FTP server is one that is turned off I guess.

Now, if I understand some of what's been said in this thread then these are the facts that I've gathered, genius that I am
1. Disabling anonymous logins helps, a little.
2. Moving to a different port helps (at least where it concerns script kiddies)
3. chrooting the only user that is allowed in helps, a little.
4. The only good FTP server is a dead one.
5. Everyone has a different opinion on what the best server is.
6. I'm more confused than I was in post 1.
7. I'm wasting my time if I have no real need for FTP.
8. I'm opening myself up to intrusion by opening unnecessary ports.
The Bassinator
© ®
Reply With Quote
Old 29th November 2010, 03:20 AM
jpollard Offline
Registered User
Join Date: Aug 2009
Location: Waldorf, Maryland
Posts: 7,346
Re: FTP Port

you got it.
Reply With Quote

ftp, port

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
converting postfix port 25 to a port that is not blocked mjr Servers & Networking 3 2nd October 2007 03:21 AM
port 3420 ifcp-port What is it? urzasrage Security and Privacy 1 20th April 2006 09:21 PM
turn off http port 80, keep https port 443 lothario Servers & Networking 11 11th February 2005 05:32 AM

Current GMT-time: 11:41 (Sunday, 20-08-2017)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat