Ports

Port 990: FTPS control

Implicit FTPS control channel. Legacy approach to FTP over TLS.

Where you will see it: You will see this in scans, firewall rules, vulnerability reports, and service configs. Treat open ports as exposure points and verify the service is expected, hardened, and restricted.

What it is

TCP port 990 is associated with the control channel for implicit FTPS. A port is a transport-layer number used together with an IP address and a protocol such as TCP or UDP to direct traffic to the correct service on a host.

A server process binds a socket to a port and listens, while a client typically chooses an ephemeral source port for outbound connections. The combination of source and destination IP addresses, source and destination ports, and the transport protocol uniquely identifies a flow so the operating system can keep many conversations separate.

Firewalls, NAT, and scanners talk about ports because the destination port is the stable rendezvous point that exposes a service to the network. With implicit FTPS, a server listens on 990 and the client expects to start a TLS handshake immediately after the TCP connection is established.

Once the secure tunnel is up, the client authenticates and sends FTP control commands inside the encrypted channel. File contents and directory listings still travel over separate data connections, often using configured passive ranges rather than a single fixed port.

Because this two-channel behavior is easy to misconfigure, many teams prefer SFTP or HTTPS-based transfer flows. If 990 is exposed, treat it like any internet-facing authentication service: it can be brute-forced, it needs strong TLS and account hygiene, and it should be restricted to known partners where possible.

How it works in broad strokes

  1. Client connects and performs a TLS handshake immediately.
  2. Client authenticates and issues FTP control commands inside the encrypted session.
  3. Data transfers use separate connections and may use configured port ranges rather than a single fixed port.
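
Added example (not part of the original page): a Python sketch that classifies a captured control connection by its first payloads, so a service on 990 can be checked against step 1 above. The function names, the (direction, bytes) capture format and the sample bytes are constructed for illustration; AUTH TLS and the 234 reply are the explicit FTPS upgrade defined in RFC 4217.

```python
# Constructed, truncated TLS ClientHello prefix: record type 0x16 (handshake),
# version 0x0301, record length, then handshake type 0x01 (ClientHello).
SAMPLE_HELLO = bytes([0x16, 0x03, 0x01, 0x00, 0x2F, 0x01, 0x00, 0x00, 0x2B, 0x03, 0x03])


def is_tls_client_hello(data: bytes) -> bool:
    """True if the payload starts with a TLS handshake record carrying a ClientHello."""
    return len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01


def classify_control_channel(payloads):
    """Classify one control connection.

    payloads: ordered (direction, bytes) pairs, 'c' = client, 's' = server.
    Returns 'implicit-ftps', 'explicit-ftps', 'plaintext-ftp', 'mismatch' or 'unknown'.
    """
    auth_requested = auth_accepted = False
    for index, (direction, data) in enumerate(payloads):
        if direction == "c" and is_tls_client_hello(data):
            if index == 0:
                return "implicit-ftps"   # TLS is the first thing on the wire
            # TLS after cleartext is only valid once the server accepted AUTH.
            return "explicit-ftps" if auth_accepted else "mismatch"
        line = data.split(b"\r\n", 1)[0].upper()
        if direction == "c":
            if line in (b"AUTH TLS", b"AUTH SSL"):
                auth_requested = True
            elif line.startswith((b"USER ", b"PASS ")):
                return "plaintext-ftp"   # credentials sent before any TLS
        elif auth_requested and line.startswith(b"234"):
            auth_accepted = True
    return "unknown"


def check_port_990(payloads):
    """Return (ok, verdict); only an immediate TLS handshake is expected on 990."""
    verdict = classify_control_channel(payloads)
    return verdict == "implicit-ftps", verdict


if __name__ == "__main__":
    plaintext = [("s", b"220 ready\r\n"), ("c", b"USER alice\r\n")]  # constructed
    print(check_port_990([("c", SAMPLE_HELLO)]))
    print(check_port_990(plaintext))
```

A 'mismatch' verdict means a client attempted an implicit handshake against a listener that opened with a cleartext banner, and 'plaintext-ftp' on 990 means credentials crossed the network unencrypted.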

Concrete example

A scan shows 990 open. You confirm it is an old file transfer integration, then reduce exposure by restricting the source IPs and moving to SFTP on a private network.

Why it matters

Port 990 is important because it often appears on legacy appliances and partner integrations. Security-wise, it is better than plaintext FTP, but it still brings FTP complexity and may expand firewall exposure for data channels.

Security angle

  • Prefer SFTP or explicit FTPS on 21 with strong TLS policies.
  • Restrict port ranges and IP sources, and log all access.
  • Regularly review accounts and disable anonymous access unless required.

Common pitfalls

  • Assuming implicit FTPS is the default everywhere. Many clients and servers prefer explicit FTPS on 21.
  • Opening wide port ranges for passive data without restricting who can connect.
  • Leaving anonymous or weak accounts enabled because the transport is encrypted.