Securing Protocol Layers

File Transfer Protocol

FTP is used to send, edit and receive files over a TCP/IP connection and consists of a server and a client. Almost every TCP/IP host has a built-in FTP client, and most servers have an FTP server program.
FTP uses two ports for communication. The control connection port, TCP port 21, remains open during the entire FTP session, and it is used to send control messages and client commands between the client and server. A data connection is established using an ephemeral port and is created each time a file is transferred between the client and server, sometimes several times during the entire FTP session. Although FTP is difficult to exploit directly, hackers are able to exploit FTP servers indirectly.

FTP servers

FTP servers may not require authentication from the client; when authentication is required, all user names and passwords are sent in plain text.
A common exploit is to find an FTP server that accepts anonymous connections and has write access. Hackers can then upload erroneous information to fill up the entire hard disk space. This is done in the hope that the FTP server is installed on the hard disk that contains the operating system. If the hard disk or log files are filled with false information from the hacker, the overload could cause the system to crash. The hacker then attempts to break into the operating system or other services without the activity being recorded in the log files.
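The conditions described above can be checked from the defender's side by reviewing what crosses the control connection. The following is an added example, not code from the original page: it audits one session's control-channel transcript for a password sent in plain text, an accepted anonymous login, and uploads completed by that anonymous user. The `C:`/`S:` transcript format, the sample session and the name `audit_control_channel` are assumptions made for illustration.

```python
import re

# Constructed control-channel (TCP port 21) capture: "C:" = client, "S:" = server.
SAMPLE = """\
S: 220 FTP server ready
C: USER anonymous
S: 331 Please specify the password.
C: PASS guest@example.com
S: 230 Login successful.
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: STOR filler-0001.bin
S: 150 Ok to send data.
S: 226 Transfer complete.
"""

ANON_USERS = {"anonymous", "ftp"}

def audit_control_channel(transcript):
    """Return findings for one FTP session's plaintext control-channel transcript."""
    findings = {"cleartext_password": False, "anonymous_login": False,
                "anonymous_uploads": [], "data_ports": []}
    user, logged_in, pending = None, False, None
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            verb, _, arg = text.partition(" ")
            verb = verb.upper()
            if verb == "USER":
                user, logged_in = arg.strip().lower(), False
            elif verb == "PASS":
                findings["cleartext_password"] = True  # password readable on the wire
            elif verb in ("STOR", "STOU", "APPE"):     # commands that write to the server
                pending = arg.strip()
        elif side == "S":
            code = text[:3]
            if code == "230":                          # login accepted
                logged_in = True
                findings["anonymous_login"] |= user in ANON_USERS
            elif code == "227":
                # PASV reply encodes the ephemeral data port as p1*256 + p2
                nums = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", text)
                if nums:
                    findings["data_ports"].append(int(nums[5]) * 256 + int(nums[6]))
            elif pending and code[:1] != "1":          # final reply to the write command
                if code in ("226", "250") and logged_in and user in ANON_USERS:
                    findings["anonymous_uploads"].append(pending)
                pending = None
    return findings
```

A session that reports both `anonymous_login` and a non-empty `anonymous_uploads` list identifies a server where anonymous write access should be disabled or confined to a quota-limited volume separate from the operating system and its logs.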