Date: Fri, 4 May 2001 11:43:13 -0500 From: Lucas Bergman <lucas@slb.to> To: Vicky@Vic.ky Cc: freebsd-questions@freebsd.org Subject: Re: ftpd question. Message-ID: <20010504114313.B7459@billygoat.slb.to> In-Reply-To: <20010504151429.464.cpmta@c001.snv.cp.net>; from Vicky@Vic.ky on Fri, May 04, 2001 at 08:14:29AM -0700 References: <20010504151429.464.cpmta@c001.snv.cp.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Vicky -- > To: freebsd-questions@freebsd.org > Cc: freebsd-docs@freebsd.org Please don't do that. Mailing -questions and another list is almost always wrong. > I have this on my syslog: > > ftpd[65051]: getpeername (/usr/libexec/ftpd): Socket is not connected > > What is that and how to avoid this from happening again?.. It most likely means that somebody connected to your machine on port 21, then disconnected very quickly. By the time the ftpd daemon got spawned and tried to lookup the source host address/port, the socket was disconnected. It's probably no big deal, unless it starts happening a lot. > I kinda worried since I heard many news about ftpd bugs which can > give ppl a root access. That recent bug had to do with globbing. One can't exploit it unless one actually sends file manipulation commands to the server, and this log message indicates that the connection never got that far. If this happens a lot, though, somebody may be trying something funny unrelated to the globbing bug. If you're feeling paranoid, give tcpserver the -v option, and run multilog in /service/ftpd/log or whatever. Then, you can see if lots of half-assed connections are coming from one address or net. > PS: I ran ftpd not from inetd but with tcpserver and I don't run any > process which needed inetd. A.K.A: inetd is OFF. Good for you. The same thing probably would have happened with inetd, as it turns out. Since you were using a TCP super-server (like most do), ftpd didn't accept() the connection itself, so it had to use getpeername() to get the source host address of the socket that the super-server accept()'ed; it's standard operating procedure. If you're a Unix/C hacker, the usual Stevens books on Unix network programming will help those last couple of sentences make sense. > From: Vicky <vicky@vic.ky> Nice domain name. Lucas To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010504114313.B7459>