Server-to-server file transfers with FTP
Did you know that you could do server-to-server file transfers with FTP? I didn’t; this little gem (usually known as FXP – File eXchange Protocol) was described by davro and g in comments to the FTP Butterfly Effect post.
If you’re using FXP, please write a comment; although I am well aware why it was extremely useful 25 years ago, I’m wondering how many people are actually using it today.
It’s easy to start server-to-server transfers; all the commands you need are available in standard FTP servers. Sending the PASV command to one server and the PORT command to another one establishes a server-to-server data session (see Section 5.2 of RFC 959 for details). The file is then transferred directly between the servers without the involvement of the client host, significantly reducing the client’s bandwidth requirements.
The PORT command pointing to a third-party IP address can be misused to probe otherwise unreachable servers (FTP bounce attack). Most FTP servers are thus unwilling to open TCP sessions to an IP address different from the source IP address of the control session.
FXP requires somewhat modified FTP client (it has to open simultaneous control sessions to two servers). It’s supported by the lftp client available on most linux distributions; if you use Windows, you can use FlashFXP.
4 comments: