Definition

passive FTP

Passive FTP (sometimes referred to as PASV FTP because it involves the FTP PASV command) is a more secure form of data transfer in which the flow of data is set up and initiated by the File Transfer Protocol (FTP) client rather than by the FTP server program. Separate FTP client programs, such as WS_FTP Pro, usually allow the user to select passive FTP. Most Web browsers (which act as FTP clients) use passive FTP by default because corporations prefer it as a safety measure. As a general rule, any corporate firewall server, which exists to protect an internal network from the outside world, accepts input from the outside only in response to requests that users inside the network sent out. The use of passive FTP ensures that all data flow is initiated from inside the network rather than from the outside.

How It Works

Using normal or passive FTP, a client begins a session by sending a request to communicate through TCP port 21, the port that is conventionally assigned for this use at the FTP server. This communication is known as the Control Channel connection.

Using "normal" FTP communication, the client also sends, in a PORT command on the Control Channel, a second port number that is to be used when data is to be exchanged; the port-to-port exchange for data is known as the Data Channel. The FTP server then initiates the exchange from its own port 20 to whatever port was designated by the client. However, because the server-initiated communication is no longer controlled by the client and can't be correlated by a firewall to the initial request, the potential exists for uninvited data to arrive from anywhere posing as a normal FTP transfer.

Using passive FTP, a PASV command is sent instead of a PORT command. Instead of specifying a port that the server can send to, the PASV command asks the server to specify a port it wishes to use for the Data Channel connection. The server replies on the Control Channel with the port number, which the client then uses to initiate an exchange on the Data Channel. The server will thus always be responding to client-initiated requests on the Data Channel, and the firewall can correlate these.
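The difference in who opens the Data Channel can be read straight off the Control Channel. The following is an added example, not part of the original definition: it parses the address/port fields of a PORT command and of the 227 reply to PASV, then reports which side initiates each data connection. The function names and the session lines are constructed for illustration, and the client is assumed to sit inside the firewall.

```python
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 carried by PORT and by the 227 reply to PASV.
_FIELDS = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply, or None if malformed."""
    m = _FIELDS.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(x > 255 for x in n):
        return None
    # The port is sent as two bytes: high byte first, then low byte.
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def plan_data_channels(client_ip, server_ip, control_lines):
    """List the Data Channel connection implied by each PORT command or 227 reply."""
    plans = []
    for sender, line in control_lines:
        endpoint = parse_endpoint(line)
        if endpoint is None:
            continue
        if sender == "client" and line.upper().startswith("PORT "):
            # Normal FTP: the server connects from its port 20 to the client's port.
            plans.append({"mode": "normal", "src": (server_ip, 20),
                          "dst": endpoint, "initiated_inside": False})
        elif sender == "server" and line.startswith("227"):
            # Passive FTP: the client connects out to the port the server named.
            plans.append({"mode": "passive", "src": (client_ip, None),
                          "dst": endpoint, "initiated_inside": True})
    return plans

# Constructed Control Channel lines (documentation address ranges).
SESSION = [
    ("client", "PORT 10,0,0,5,195,80"),
    ("server", "200 PORT command successful"),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (203,0,113,10,234,96)"),
]

if __name__ == "__main__":
    for plan in plan_data_channels("10.0.0.5", "203.0.113.10", SESSION):
        verdict = "allowed" if plan["initiated_inside"] else "needs an inbound exception"
        print(plan["mode"], plan["src"], "->", plan["dst"], verdict)
```

A firewall that only admits traffic answering inside-initiated requests passes the passive entry and would need an inbound exception for the normal one.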

This was last updated in September 2005
Posted by: Margaret Rouse
