FTP Service Registry Entries

Applies To: Windows Server 2003, Windows Server 2003 with SP1

In addition to the Service-Specific Registry Entries, the FTP service maintains the following value entries.

Details

Important

For a registry change to take effect, you must restart the service that is affected by the change. For global changes to take effect, you must restart all services.

AnnotateDirectories

Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters

Data Type

REG_DWORD

Default Value

0 (disabled)

Range

0,1

Description

The FTP service supports annotating a directory with a custom message. The annotation text is stored in a file named ~ftpsvc~.ckm in the directory to be annotated. If ~ftpsvc~.ckm exists in the target directory of a Change Directory (CWD - Change Working Directory) FTP operation, the FTP service responds to the operation with the contents of this file. This gives administrators a way to attach a custom message to a directory. By default, the service is configured not to send annotation text. If you choose to add a custom message, you must also create the annotation file. You should also mark the annotation file as hidden so that it does not appear in directory listings.
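The procedure above, enabling the entry, writing the annotation file and hiding it, as an added PowerShell example. This is not code from the Microsoft page; it assumes PowerShell 2.0 or later running as a local administrator on the server, and the directory path and message text are illustrative.

```powershell
# Added example (not from the Microsoft page): enable directory annotation for one
# directory served by the default MSFTPSVC instance. Assumes PowerShell 2.0 or later
# in an elevated session; $ftpDir and $message are illustrative values.
$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters'
$ftpDir   = 'C:\Inetpub\ftproot\incoming'          # assumed directory to annotate
$message  = @'
Welcome to the incoming area.
Files left here are removed after 7 days.
'@

# 1. Turn on annotation for the service (REG_DWORD 1). -Force makes New-ItemProperty
#    overwrite the value if it already exists instead of failing.
New-ItemProperty -Path $paramKey -Name 'AnnotateDirectories' -PropertyType DWord -Value 1 -Force | Out-Null

# 2. Write the file the service returns on a CWD into that directory.
if (-not (Test-Path -Path $ftpDir)) { New-Item -Path $ftpDir -ItemType Directory | Out-Null }
$ckmPath = Join-Path -Path $ftpDir -ChildPath '~ftpsvc~.ckm'
Set-Content -Path $ckmPath -Value $message -Encoding Ascii

# 3. Hide the file so it does not show up in directory listings, as the page recommends.
$item = Get-Item -Path $ckmPath -Force
$item.Attributes = $item.Attributes -bor [System.IO.FileAttributes]::Hidden

# 4. A registry change only takes effect once the affected service is restarted.
Restart-Service -Name 'MSFTPSVC'
```

Run it once per directory you want annotated; only the file step needs repeating for further directories, since AnnotateDirectories is a single service-wide switch.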

AnonymousHomeDirInfoGrace

Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters

Data Type

REG_DWORD

Default Value

1

Range

0 - 4,294,967,295

Description

This entry specifies the number of seconds (the grace period) during which the cached value for the anonymous home directory is still used after the interval in AnonymousHomeDirInfoInterval expires. After the grace period expires, the cache entries are refreshed and subsequent requests receive the updated entries; the first request made after that time is the one that updates the cached entry. Although the range allows values up to the maximum for a DWORD, it is recommended that you keep this value low.

AnonymousHomeDirInfoInterval

Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters

Data Type

REG_DWORD

Default Value

10

Range

0 - 4,294,967,295

Description

This entry specifies the number of seconds for which the anonymous home directory entry is cached. The first anonymous login made after that time updates the cached entry. Although the range allows values up to the maximum for a DWORD, you should consider how often the home directory path may change when you decide on the value for this entry.

CacheAnonymousHomeDirInfo

Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters

Data Type

REG_DWORD

Default Value

0 (disabled)

Range

0 to 4,294,967,295. Any DWORD value other than 0 will cause the FTP server to cache the anonymous home directory.

Description

This entry enables caching of the anonymous home directory. Caching the anonymous home directory helps to avoid having the FTP server refuse anonymous connections when the home directory resides on a UNC share and too many users are already connected. In such cases, you may see FTP event message number 8: "FTP Server could not create a client worker thread for user at host %1. The connection to this user is terminated. The data is the error."

When this entry is enabled, the cache has a 10 second refresh interval and a 1 second grace period; these are configurable through the AnonymousHomeDirInfoInterval and AnonymousHomeDirInfoGrace registry entries, respectively.
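The three entries CacheAnonymousHomeDirInfo, AnonymousHomeDirInfoInterval and AnonymousHomeDirInfoGrace work together, so here is one added PowerShell example that enables the cache and sets both timers in a single pass. It is not code from the Microsoft page; it assumes PowerShell 2.0 or later in an elevated session, and the interval and grace values chosen are illustrative.

```powershell
# Added example (not from the Microsoft page): enable caching of the anonymous home
# directory and tune the refresh interval and grace period. Assumes PowerShell 2.0 or
# later in an elevated session; the numbers below are illustrative choices.
$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters'

# Each entry is a REG_DWORD; -Force overwrites an existing value rather than failing.
# Any non-zero value turns the cache on; 1 is used here.
New-ItemProperty -Path $paramKey -Name 'CacheAnonymousHomeDirInfo' -PropertyType DWord -Value 1 -Force | Out-Null
# Re-read the home directory path every 30 seconds (the page's default is 10)...
New-ItemProperty -Path $paramKey -Name 'AnonymousHomeDirInfoInterval' -PropertyType DWord -Value 30 -Force | Out-Null
# ...and keep serving the stale entry for at most 2 more seconds while it refreshes
# (the page's default is 1 and it recommends keeping this low).
New-ItemProperty -Path $paramKey -Name 'AnonymousHomeDirInfoGrace' -PropertyType DWord -Value 2 -Force | Out-Null

# Show the resulting configuration, then restart the service so it takes effect.
Get-ItemProperty -Path $paramKey |
    Select-Object CacheAnonymousHomeDirInfo, AnonymousHomeDirInfoInterval, AnonymousHomeDirInfoGrace |
    Format-List
Restart-Service -Name 'MSFTPSVC'
```

Because the interval plus grace bounds how long a renamed or moved home directory keeps being served from cache, pick the interval to match how often that path realistically changes, as the page advises.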

EnablePortAttack

Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters

Data Type

REG_DWORD

Default Value

0 (disabled)

Range

0,1

Description

This entry is disabled by default to prevent a security problem in the FTP protocol specification. Because EnablePortAttack is disabled by default, you must enable this flag if you want users to connect by using other ports as specified in the FTP RFC. The FTP service specification allows passive connections to be established based on the port address given by the client. This can allow malicious users to execute destructive commands in the FTP service. The problem occurs when the FTP service makes a connection to a client using a port other than the FTP data port (20) and that port number is less than IP_PORT_RESERVED (1024). EnablePortAttack controls whether such connections are allowed. By default, the service does not make any connections to port numbers lower than IP_PORT_RESERVED (other than 20).

LowercaseFiles

Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters

Data Type

REG_DWORD

Default Value

0 (disabled)

Range

0,1

Description

The FTP service uses uppercase for file names. For comparisons against case-sensitive file systems to work, the exact file names must be compared. Administrators can add LowercaseFiles to the registry so that the FTP service also uses lowercase for such comparisons.

MaxPassiveAcceptEvents

Registry Path

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters

Data Type

REG_DWORD

Default Value

60

Range

1 through 300. Any number is rounded up to the nearest multiple of 60 and capped off at 300.

Description

This registry value is intended for advanced users. When FTP clients initiate passive file transfer operations, the FTP server uses asynchronous network notification to wait for the actual client connection to a passive data socket. By default, the FTP server allows 60 passive file transfer operations to be queued simultaneously. Once the queue reaches 60, subsequent client requests receive error 451: Too many Passive Users. Client connections remain in this transient state only for a short time, between issuing a file transfer command (for example, RETR or STOR) and connecting the data channel to the passive socket. For this reason, this error can only occur in one of the following scenarios:

  1. A denial-of-service (DoS) attack issues concurrent file transfer commands without actually connecting to the data socket.

  2. An extremely large number of concurrent users are transferring files in passive mode (which is possible on slow networks).

Consistent failure with the above error may indicate a DoS attack. However, sporadic failures at peak usage times may indicate valid usage of this registry value.
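The EnablePortAttack and MaxPassiveAcceptEvents descriptions above both call for a check rather than a setting: confirm that low-port data connections are still refused, work out the queue depth the rounding rule actually gives you, and tell a sustained 451 stream apart from a peak-hour burst. The following added PowerShell example does those three things in a read-only pass. It is not code from the Microsoft page; it assumes PowerShell 2.0 or later, the log lines are constructed here in W3C extended format for the example and are not real server output, and treating an out-of-range MaxPassiveAcceptEvents as the default is an assumption the page does not state.

```powershell
# Added example (not from the Microsoft page): read-only audit of EnablePortAttack and
# MaxPassiveAcceptEvents, followed by a detection pass that counts 451 responses per
# minute. Assumes PowerShell 2.0 or later. The log lines are constructed for this
# example in W3C extended format; they are not real FTP server output.
$paramKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\MSFTPSVC\Parameters'
$params   = Get-ItemProperty -Path $paramKey -ErrorAction SilentlyContinue

# EnablePortAttack: the default (0 or absent) refuses data connections to
# client-supplied ports below 1024. Any other value is reported as a finding.
$portAttack = $params.EnablePortAttack
if ($portAttack -eq $null -or $portAttack -eq 0) {
    Write-Output 'EnablePortAttack: default (0/absent); low-port data connections are refused'
} else {
    Write-Output "FINDING: EnablePortAttack=$portAttack allows data connections to ports below 1024; set it to 0 and restart MSFTPSVC"
}

# MaxPassiveAcceptEvents: apply the page's rounding rule (round up to the nearest
# multiple of 60, cap at 300) to show the queue depth the service will actually use.
function Get-EffectivePassiveQueue([int]$Configured) {
    if ($Configured -lt 1) { return 60 }      # assumption: out-of-range value treated as the default
    $rounded = [int][math]::Ceiling($Configured / 60) * 60
    return [math]::Min($rounded, 300)
}
$configured = $params.MaxPassiveAcceptEvents
if ($configured -eq $null) { $configured = 60 }
Write-Output ('MaxPassiveAcceptEvents: configured {0}, effective {1}' -f $configured, (Get-EffectivePassiveQueue $configured))

# Detection: many 451 responses from many clients, sustained minute after minute,
# matches the DoS pattern the page describes; a short burst from a few clients at
# peak time looks like genuine load and argues for raising the value instead.
$sampleLog = @'
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2024-05-01 10:00:01 192.0.2.10 anonymous [5]RETR /pub/a.zip 451
2024-05-01 10:00:02 192.0.2.10 anonymous [6]RETR /pub/b.zip 451
2024-05-01 10:00:03 192.0.2.11 anonymous [7]RETR /pub/c.zip 451
2024-05-01 10:00:09 192.0.2.12 anonymous [8]STOR /incoming/d.bin 451
2024-05-01 10:01:15 192.0.2.20 anonymous [9]RETR /pub/e.zip 226
2024-05-01 10:01:40 192.0.2.10 anonymous [10]RETR /pub/f.zip 451
'@ -split "`r?`n"

$fields    = $null
$perMinute = @{}
foreach ($raw in $sampleLog) {
    $line = $raw.Trim()
    # The #Fields: header names the columns; everything else starting with # is a comment.
    if ($line.StartsWith('#Fields:')) { $fields = $line.Substring(8).Trim() -split ' '; continue }
    if ($line -eq '' -or $line.StartsWith('#') -or $fields -eq $null) { continue }
    $cols = $line -split ' '
    $row  = @{}
    for ($i = 0; $i -lt $fields.Length -and $i -lt $cols.Length; $i++) { $row[$fields[$i]] = $cols[$i] }
    if ($row['sc-status'] -ne '451') { continue }
    # Bucket by minute (HH:MM) and remember which client addresses hit the limit.
    $minute = $row['date'] + ' ' + $row['time'].Substring(0, 5)
    if (-not $perMinute.ContainsKey($minute)) { $perMinute[$minute] = @{ Events = 0; Clients = @{} } }
    $perMinute[$minute].Events += 1
    $perMinute[$minute].Clients[$row['c-ip']] = $true
}
foreach ($minute in ($perMinute.Keys | Sort-Object)) {
    $bucket = $perMinute[$minute]
    Write-Output ('{0}: {1} x 451 from {2} distinct client(s)' -f $minute, $bucket.Events, $bucket.Clients.Count)
}
```

With the constructed lines the pass reports four 451 responses from three clients in the 10:00 minute and one from a single client at 10:01. Point the same loop at the real FTP log directory and a minute-by-minute series that never drops, spread across many source addresses, is the "consistent failure" the page ties to a DoS attack, while isolated peaks are the case for raising MaxPassiveAcceptEvents.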