Date: Fri, 4 May 2001 12:58:05 -0400 From: "Jonathan Fortin" <jfortin@akalink.com> To: <lucas@slb.to> Cc: <questions@freebsd.org> Subject: Re: ftpd question. Message-ID: <00cb01c0d4bb$639ed3a0$020a10ac@node00> References: <20010504151429.464.cpmta@c001.snv.cp.net> <20010504114313.B7459@billygoat.slb.to>
next in thread | previous in thread | raw e-mail | index | archive | help
I would recommend running ftpd with the -D switch. ----- Original Message ----- From: "Lucas Bergman" <lucas@slb.to> To: <Vicky@Vic.ky> Cc: <freebsd-questions@freebsd.org> Sent: Friday, May 04, 2001 12:43 PM Subject: Re: ftpd question. > Hi, Vicky -- > > > To: freebsd-questions@freebsd.org > > Cc: freebsd-docs@freebsd.org > > Please don't do that. Mailing -questions and another list is almost > always wrong. > > > I have this on my syslog: > > > > ftpd[65051]: getpeername (/usr/libexec/ftpd): Socket is not connected > > > > What is that and how to avoid this from happening again?.. > > It most likely means that somebody connected to your machine on port > 21, then disconnected very quickly. By the time the ftpd daemon got > spawned and tried to lookup the source host address/port, the socket > was disconnected. It's probably no big deal, unless it starts > happening a lot. > > > I kinda worried since I heard many news about ftpd bugs which can > > give ppl a root access. > > That recent bug had to do with globbing. One can't exploit it unless > one actually sends file manipulation commands to the server, and this > log message indicates that the connection never got that far. > > If this happens a lot, though, somebody may be trying something funny > unrelated to the globbing bug. If you're feeling paranoid, give > tcpserver the -v option, and run multilog in /service/ftpd/log or > whatever. Then, you can see if lots of half-assed connections are > coming from one address or net. > > > PS: I ran ftpd not from inetd but with tcpserver and I don't run any > > process which needed inetd. A.K.A: inetd is OFF. > > Good for you. The same thing probably would have happened with inetd, > as it turns out. Since you were using a TCP super-server (like most > do), ftpd didn't accept() the connection itself, so it had to use > getpeername() to get the source host address of the socket that the > super-server accept()'ed; it's standard operating procedure. If > you're a Unix/C hacker, the usual Stevens books on Unix network > programming will help those last couple of sentences make sense. > > > From: Vicky <vicky@vic.ky> > > Nice domain name. > > Lucas > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00cb01c0d4bb$639ed3a0$020a10ac>