TCP 20
Synopsis
- TCP port 20 is used by the FTP protocol for the server-side data connection in active mode (the server opens the data channel from port 20 to the client).
- Real FTP servers that use this include vsftpd, ProFTPD, Pure-FTPd, FileZilla Server, and Microsoft IIS FTP Server when active mode is enabled.
- Many NAS and appliance platforms (e.g., Synology DSM FTP service and QNAP’s FTP Server) also use TCP/20 for active-mode data transfers.
- Legacy Unix ftpd implementations (e.g., OpenBSD/NetBSD ftpd) likewise use TCP/20 for active-mode data channels.
- Windows Server’s built-in FTP service (IIS) uses TCP/20 as the source port for data connections in active mode in production deployments.
- Although passive mode is common today (using high ports), active-mode FTP—and thus TCP/20—remains in use on internal networks and legacy setups.
- Security note: active-mode FTP and TCP/20 are historically linked to the FTP bounce attack (abusing the PORT command to relay connections) and to firewall misconfigurations that overly trust traffic sourced from port 20.
Observed activity
Last 30 days
Detailed chart