From owner-freebsd-questions Fri May 4 9:55:26 2001 Delivered-To: freebsd-questions@freebsd.org Received: from mail.akalink.com (akalink.com [64.23.81.14]) by hub.freebsd.org (Postfix) with SMTP id 8B5A737B424 for ; Fri, 4 May 2001 09:55:19 -0700 (PDT) (envelope-from jfortin@akalink.com) Received: (qmail 7323 invoked from network); 4 May 2001 16:53:15 -0000 Received: from unknown (HELO node00) (64.23.81.14) by akalink.com with SMTP; 4 May 2001 16:53:15 -0000 Message-ID: <00cb01c0d4bb$639ed3a0$020a10ac@node00> Reply-To: "Jonathan Fortin" From: "Jonathan Fortin" To: Cc: References: <20010504151429.464.cpmta@c001.snv.cp.net> <20010504114313.B7459@billygoat.slb.to> Subject: Re: ftpd question. Date: Fri, 4 May 2001 12:58:05 -0400 Organization: Akalink Communications MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG I would recommend running ftpd with the -D switch. ----- Original Message ----- From: "Lucas Bergman" To: Cc: Sent: Friday, May 04, 2001 12:43 PM Subject: Re: ftpd question. > Hi, Vicky -- > > > To: freebsd-questions@freebsd.org > > Cc: freebsd-docs@freebsd.org > > Please don't do that. Mailing -questions and another list is almost > always wrong. > > > I have this on my syslog: > > > > ftpd[65051]: getpeername (/usr/libexec/ftpd): Socket is not connected > > > > What is that and how to avoid this from happening again?.. > > It most likely means that somebody connected to your machine on port > 21, then disconnected very quickly. By the time the ftpd daemon got > spawned and tried to lookup the source host address/port, the socket > was disconnected. It's probably no big deal, unless it starts > happening a lot. > > > I kinda worried since I heard many news about ftpd bugs which can > > give ppl a root access. > > That recent bug had to do with globbing. One can't exploit it unless > one actually sends file manipulation commands to the server, and this > log message indicates that the connection never got that far. > > If this happens a lot, though, somebody may be trying something funny > unrelated to the globbing bug. If you're feeling paranoid, give > tcpserver the -v option, and run multilog in /service/ftpd/log or > whatever. Then, you can see if lots of half-assed connections are > coming from one address or net. > > > PS: I ran ftpd not from inetd but with tcpserver and I don't run any > > process which needed inetd. A.K.A: inetd is OFF. > > Good for you. The same thing probably would have happened with inetd, > as it turns out. Since you were using a TCP super-server (like most > do), ftpd didn't accept() the connection itself, so it had to use > getpeername() to get the source host address of the socket that the > super-server accept()'ed; it's standard operating procedure. If > you're a Unix/C hacker, the usual Stevens books on Unix network > programming will help those last couple of sentences make sense. > > > From: Vicky > > Nice domain name. > > Lucas > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message