From owner-freebsd-security Sun Jun 6 10:55:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from alecto.physics.uiuc.edu (alecto.physics.uiuc.edu [130.126.8.20]) by hub.freebsd.org (Postfix) with ESMTP id 0E08114BCF for ; Sun, 6 Jun 1999 10:55:18 -0700 (PDT) (envelope-from igor@alecto.physics.uiuc.edu) Received: (from igor@localhost) by alecto.physics.uiuc.edu (8.9.0/8.9.0) id MAA03136 for freebsd-security@freebsd.org; Sun, 6 Jun 1999 12:55:18 -0500 (CDT) From: Igor Roshchin Message-Id: <199906061755.MAA03136@alecto.physics.uiuc.edu> Subject: Q.: any new ftp vulnerabilities ? To: freebsd-security@freebsd.org Date: Sun, 6 Jun 1999 12:55:17 -0500 (CDT) X-Mailer: ELM [version 2.4ME+ PL43 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hello! I have observed a few occasions when some people were establishing multiple connections to the ftp server within the last week (there is no anonymous access, so it should not be "by mistake"). Usually, the logs do not indicate any attempt of login, even as anonymous. The frequency of connects (reported by tcpwrapper) is not too high, but probably indicated that those are launched by a script (about 25-35 connections within 2-5 minutes). I haven't seen any new security hole or DOS vulnerability in any ftpd recently (except the one found in February or so, regarding the realpath, and some similar issues, but that hole would not require multiple connects), so I wonder if anybody has observed anything similar, and if anybody knows of any new vulnerability ? IgoR PS. The machine is running 2.2.7 and wu-ftpd-2.4.2v17. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message