FTP - 20 21

Transmits data, including credentials, in plaintext, making it vulnerable to sniffing.

FTP bounce attacks can use the protocol to scan ports or launch attacks from a compromised server.

Lacks built-in encryption or authentication mechanisms.

Replace FTP with secure alternatives like FTPS or SFTP.

Disable anonymous access and enforce strong passwords.

Restrict FTP access to specific IP ranges using a firewall.

Monitor logs for unusual activity.

Unusual file uploads or downloads.

High volumes of traffic on port 21 (TCP).

Unencrypted credentials are visible in network captures.