From owner-freebsd-questions Fri May 4 9:42:58 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from dsl-64-193-218-89.telocity.com (dsl-64-193-218-89.telocity.com [64.193.218.89]) by hub.freebsd.org (Postfix) with SMTP id 22B9D37B43C for ; Fri, 4 May 2001 09:42:55 -0700 (PDT) (envelope-from lucas@slb.to)
Received: (qmail 9366 invoked by uid 1000); 4 May 2001 16:43:13 -0000
Date: Fri, 4 May 2001 11:43:13 -0500
From: Lucas Bergman
To: Vicky@Vic.ky
Cc: freebsd-questions@freebsd.org
Subject: Re: ftpd question.
Message-ID: <20010504114313.B7459@billygoat.slb.to>
Reply-To: lucas@slb.to
References: <20010504151429.464.cpmta@c001.snv.cp.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010504151429.464.cpmta@c001.snv.cp.net>; from Vicky@Vic.ky on Fri, May 04, 2001 at 08:14:29AM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hi, Vicky --

> To: freebsd-questions@freebsd.org
> Cc: freebsd-docs@freebsd.org

Please don't do that.  Mailing -questions and another list is almost
always wrong.

> I have this on my syslog:
>
> ftpd[65051]: getpeername (/usr/libexec/ftpd): Socket is not connected
>
> What is that and how to avoid this from happening again?..

It most likely means that somebody connected to your machine on port
21, then disconnected very quickly.  By the time the ftpd daemon got
spawned and tried to lookup the source host address/port, the socket
was disconnected.  It's probably no big deal, unless it starts
happening a lot.

> I kinda worried since I heard many news about ftpd bugs which can
> give ppl a root access.

That recent bug had to do with globbing.  One can't exploit it unless
one actually sends file manipulation commands to the server, and this
log message indicates that the connection never got that far.  If this
happens a lot, though, somebody may be trying something funny
unrelated to the globbing bug.

If you're feeling paranoid, give tcpserver the -v option, and run
multilog in /service/ftpd/log or whatever.  Then, you can see if lots
of half-assed connections are coming from one address or net.

> PS: I ran ftpd not from inetd but with tcpserver and I don't run any
> process which needed inetd. A.K.A: inetd is OFF.

Good for you.  The same thing probably would have happened with inetd,
as it turns out.  Since you were using a TCP super-server (like most
do), ftpd didn't accept() the connection itself, so it had to use
getpeername() to get the source host address of the socket that the
super-server accept()'ed; it's standard operating procedure.  If
you're a Unix/C hacker, the usual Stevens books on Unix network
programming will help those last couple of sentences make sense.

> From: Vicky

Nice domain name.

Lucas
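
The log check suggested in the message above (watching `tcpserver -v` output for many short-lived connections from one address or net), sketched as an added example that is not part of the original message. It assumes the log was written through `multilog t`, so every line begins with a TAI64N label; the one-second threshold, the /24 grouping and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_network

# Constructed sample: `tcpserver -v` lines timestamped by `multilog t`.
# Addresses come from the documentation ranges; pids are made up.
SAMPLE_LOG = """\
@400000003af2dd5a00000000 tcpserver: status: 1/40
@400000003af2dd5a00000000 tcpserver: pid 701 from 192.0.2.10
@400000003af2dd5a0a000000 tcpserver: ok 701 ftp.example.org:198.51.100.1:21 :192.0.2.10::40001
@400000003af2dd5a10000000 tcpserver: end 701 status 256
@400000003af2dd5b00000000 tcpserver: pid 702 from 192.0.2.10
@400000003af2dd5b10000000 tcpserver: end 702 status 256
@400000003af2dd5c00000000 tcpserver: pid 703 from 192.0.2.77
@400000003af2dd5c10000000 tcpserver: end 703 status 256
@400000003af2dd5d00000000 tcpserver: pid 704 from 203.0.113.5
@400000003af2dd5e00000000 tcpserver: pid 705 from 192.0.2.10
@400000003af2dd5e10000000 tcpserver: end 705 status 256
@400000003af2dd9900000000 tcpserver: end 704 status 0
"""

# Only the "pid N from IP" (connection accepted) and "end N ..." (child exited)
# lines are needed to measure how long each connection lived.
LINE = re.compile(
    r"^@([0-9a-f]{16})([0-9a-f]{8}) tcpserver: (pid|end) (\d+)(?: from (\S+))?")

def tai64n_seconds(sec_hex, nano_hex):
    """TAI64N label -> seconds as a float; good enough for computing durations."""
    return (int(sec_hex, 16) - 2**62) + int(nano_hex, 16) / 1e9

def tally_short_connections(log_text, max_seconds=1.0):
    """Return (total per IP, short-lived per IP, short-lived per /24 net)."""
    started = {}                      # pid -> (source ip, start time)
    total, short, short_nets = Counter(), Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                  # status/ok/deny lines are ignored here
        when = tai64n_seconds(m.group(1), m.group(2))
        kind, pid, ip = m.group(3), m.group(4), m.group(5)
        if kind == "pid" and ip:
            started[pid] = (ip, when)
            total[ip] += 1
        elif kind == "end" and pid in started:
            ip, t0 = started.pop(pid)
            if when - t0 <= max_seconds:      # assumed cut-off for "very quickly"
                short[ip] += 1
                short_nets[str(ip_network(ip + "/24", strict=False))] += 1
    return total, short, short_nets
```

Calling `tally_short_connections(SAMPLE_LOG)[1].most_common()` lists the sources with the most short-lived connections first; feed it the contents of the multilog `current` file instead of the sample to check a real service.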