TABLE OF CONTENTS FTP is used to transfer files between hosts, and to manipulate files on a remote host.
FTP clients and servers exchange commands and response codes over a control connection, and send and receive files over data connections.
FTP provides no server authentication, no encryption, and no integrity checking, leaving it vulnerable to a variety of attacks.
DNS is a distributed database that is used to store name to-IP-address mappings as well as other information for domain names.
DNS is organized into a hierarchical structure, with root name servers at the top and the TLD name servers below them. DNS servers recursively traverse the tree to look up IP addresses for names.
DNS is susceptible to a variety of attacks that could lead to DoS, provide an attacker with information on a target network, or cause legitimate names to resolve to malicious IP addresses.
Like FTP and DNS, many other popular application-layer protocols were designed long before security was an issue, and therefore lack security features in their designs.
SMTP, which is the most popular e-mail delivery protocol used today, is usually deployed with little or no authentication or encryption in place. Protocols that are used for e-mail retrieval, such as POP3, often suffer from similar security issues such as lack of encryption.
The Telnet protocol, which is one of the most commonly used remote shell protocols, transmits user credentials and other shell traffic in...
