Re: connections
On Tue, 2001-12-04 at 22:40, Jim McCloskey wrote:
>
> I know that wu-ftpd has a bad reputation in many quarters for
> security, but I still don't know exactly how or why the thing below is
> happening.
>
> I have /etc/hosts.deny set to:
>
> ALL: ALL
>
> and /etc/hosts.allow set to:
>
> ALL: LOCAL, .foobar.edu
>
> But beside scores of messages in the logs like:
>
> Dec 2 22:49:00 localhost wu-ftpd[466]: refused connect from
> adsl-61892.turboline.skynet.be
>
> I occasionally also see:
>
> Nov 25 17:30:46 localhost wu-ftpd[3869]: connection from
> apache.netics.net [195.223.184.81]
> Nov 25 17:30:50 localhost wu-ftpd[3869]: lost connection to
> apache.netics.net [195.223.184.81]
> Nov 25 17:30:50 localhost wu-ftpd[3869]: FTP session closed
>
> Nov 25 19:41:34 localhost wu-ftpd[3908]: connection from
> f144170.upc-f.chello.nl [80.56.144.170]
> Nov 25 19:41:34 localhost wu-ftpd[3908]: FTP LOGIN REFUSED (ftp not in
> /etc/passwd) FROM f144170.upc-f.chello.nl [80.56.144.170], anonymous
> Nov 25 19:41:35 localhost wu-ftpd[3908]: FTP session closed
>
> which indicate connection-attempts which were not refused right away.
> Should I assume that these are connection-attempts from the local
> domain, with counterfeit IP addresses and hostnames supplied to the
> logging system?
tcpwrapper only works on inetd activated ports. wu-ftpd runs as a daemon
and is not filtered by tcp-wrapper (same for apache)
Michel.
Reply to:
- References:
- connections
- From: Jim McCloskey <mcclosk@ling.ucsc.edu>