Date:      Fri, 4 May 2001 12:58:05 -0400
From:      "Jonathan Fortin" <jfortin@akalink.com>
To:        <lucas@slb.to>
Cc:        <questions@freebsd.org>
Subject:   Re: ftpd question.
Message-ID:  <00cb01c0d4bb$639ed3a0$020a10ac@node00>
References:  <20010504151429.464.cpmta@c001.snv.cp.net> <20010504114313.B7459@billygoat.slb.to>

I would recommend running ftpd with the -D switch.

----- Original Message ----- 
From: "Lucas Bergman" <lucas@slb.to>
To: <Vicky@Vic.ky>
Cc: <freebsd-questions@freebsd.org>
Sent: Friday, May 04, 2001 12:43 PM
Subject: Re: ftpd question.


> Hi, Vicky --
> 
> > To: freebsd-questions@freebsd.org
> > Cc: freebsd-docs@freebsd.org
> 
> Please don't do that.  Mailing -questions and another list is almost
> always wrong.
> 
> > I have this on my syslog:
> >
> > ftpd[65051]: getpeername (/usr/libexec/ftpd): Socket is not connected
> >
> > What is that and how do I prevent this from happening again?
> 
> It most likely means that somebody connected to your machine on port
> 21, then disconnected very quickly.  By the time the ftpd daemon got
> spawned and tried to look up the source host address/port, the socket
> was disconnected.  It's probably no big deal, unless it starts
> happening a lot.
> 
> > I'm kinda worried since I've heard a lot of news about ftpd bugs which can
> > give ppl root access.
> 
> That recent bug had to do with globbing.  One can't exploit it unless
> one actually sends file manipulation commands to the server, and this
> log message indicates that the connection never got that far.
> 
> If this happens a lot, though, somebody may be trying something funny
> unrelated to the globbing bug.  If you're feeling paranoid, give
> tcpserver the -v option, and run multilog in /service/ftpd/log or
> whatever.  Then, you can see if lots of half-assed connections are
> coming from one address or net.
> 
> > PS: I ran ftpd not from inetd but with tcpserver and I don't run any
> > process which needs inetd. A.K.A: inetd is OFF.
> 
> Good for you.  The same thing probably would have happened with inetd,
> as it turns out.  Since you were using a TCP super-server (like most
> do), ftpd didn't accept() the connection itself, so it had to use
> getpeername() to get the source host address of the socket that the
> super-server accept()'ed; it's standard operating procedure.  If
> you're a Unix/C hacker, the usual Stevens books on Unix network
> programming will help those last couple of sentences make sense.
> 
> > From: Vicky <vicky@vic.ky>
> 
> Nice domain name.
> 
> Lucas
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
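
The getpeername() lookup described in the quoted reply, as an added example that is not code from this thread or from ftpd: a process standing in for the super-server accept()s a loopback connection, and a helper then asks the inherited socket who its peer is. The helper names `peer_of` and `loopback_demo` are hypothetical, and the ENOTCONN result is reproduced with a never-connected socket rather than with the real disconnect race.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: the lookup a super-server child does on its inherited
 * socket. Returns 0 and writes "ip:port" to buf, else the errno value. */
int peer_of(int fd, char *buf, size_t len)
{
    struct sockaddr_in sa;
    socklen_t slen = sizeof sa;
    char ip[INET_ADDRSTRLEN];
    if (getpeername(fd, (struct sockaddr *)&sa, &slen) < 0)
        return errno;   /* ENOTCONN is syslog's "Socket is not connected" */
    inet_ntop(AF_INET, &sa.sin_addr, ip, sizeof ip);
    snprintf(buf, len, "%s:%u", ip, (unsigned)ntohs(sa.sin_port));
    return 0;
}

/* Constructed loopback exchange: this side plays the super-server and
 * accept()s; peer_of() then plays the daemon. Returns 0 on success. */
int loopback_demo(char *buf, size_t len)
{
    struct sockaddr_in a = { .sin_family = AF_INET };   /* port 0: kernel picks */
    socklen_t alen = sizeof a;
    int l = socket(AF_INET, SOCK_STREAM, 0), c = socket(AF_INET, SOCK_STREAM, 0);
    int s = -1, rc = -1;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (l >= 0 && c >= 0 && bind(l, (struct sockaddr *)&a, sizeof a) == 0 &&
        listen(l, 1) == 0 && getsockname(l, (struct sockaddr *)&a, &alen) == 0 &&
        connect(c, (struct sockaddr *)&a, sizeof a) == 0 &&
        (s = accept(l, NULL, NULL)) >= 0)
        rc = peer_of(s, buf, len);
    close(s); close(c); close(l);
    return rc;
}

int main(void)
{
    char who[64];
    int fd = socket(AF_INET, SOCK_STREAM, 0);     /* never connected */
    printf("unconnected: %s\n", strerror(peer_of(fd, who, sizeof who)));
    if (loopback_demo(who, sizeof who) == 0)
        printf("accepted socket, peer is %s\n", who);
    return 0;
}
```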

