This is about … .
FTP
Port 20: for data exchange
Port 21: establishing connection and command channel
Active mode
No firewall in between. The server initiates a connection for data transfer. That means more risk for the client.
Steps
The client opens a port, say, 1069.
The client then informs the server via the PORT 1069 command over the server’s 21st port.
The server connects to this port and sends the data from its 20th port.
Why is it more risky for the client? Because the client is open for connections for some time. Most often, the firewall blocks most of the connections not initiated by the client. To allow this mode to work, one must allow the inbound connection, which might be risky. Also, the client is sharing its IP address and port number. What if the server is untrusted? What if these requests are logged somewhere?
Passive mode
This mode is usually used when the client has a firewall that blocks incoming connections. It means less risk for the client and more risk for the server.
Steps
The client sends a PASV to the 21st port of the server, basically saying “I want to use the passive mode”.
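To see which side ends up listening in each mode, the following added example (not from the original notes) reads control-channel lines and reports the data-channel endpoint and the side whose firewall must admit the inbound connection. It goes beyond the simplified "PORT 1069" above by using the RFC 959 wire encoding h1,h2,h3,h4,p1,p2 (port = p1*256 + p2) and the server's 227 reply to PASV; the function names and sample traffic are constructed for illustration.

```python
import re

# RFC 959 host-port field: six comma-separated decimal bytes h1,h2,h3,h4,p1,p2.
HOSTPORT = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def decode_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    parts = [int(g) for g in m.groups()]
    if any(p > 255 for p in parts):
        return None
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]


def data_channels(control_lines):
    """Return one record per data-channel negotiation seen on the control channel.

    control_lines: iterable of (sender, line); sender is "client" or "server".
    """
    found = []
    for sender, line in control_lines:
        line = line.strip()
        if sender == "client" and line.upper().startswith("PORT "):
            # Active mode: the client announces where it is listening.
            endpoint, mode, listener = decode_hostport(line[5:]), "active", "client"
        elif sender == "server" and line.startswith("227"):
            # Passive mode: the server answers PASV with where it is listening.
            endpoint, mode, listener = decode_hostport(line[3:]), "passive", "server"
        else:
            continue
        if endpoint:
            found.append({"mode": mode, "listener": listener,
                          "ip": endpoint[0], "port": endpoint[1]})
    return found


# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE = [
    ("client", "PORT 192,0,2,10,4,45"),
    ("server", "200 PORT command successful"),
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (198,51,100,7,195,80)"),
]

if __name__ == "__main__":
    for rec in data_channels(SAMPLE):
        print(f"{rec['mode']:8} inbound to {rec['listener']} at {rec['ip']}:{rec['port']}")
```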
BTFM
ABOR
LIST
DELE
MKD
PWD
QUIT
...