
Re: connections



On Tue, 2001-12-04 at 22:40, Jim McCloskey wrote:
> 
> I know that wu-ftpd has a bad reputation in many quarters for
> security, but I still don't know exactly how or why the thing below is
> happening.
> 
> I have /etc/hosts.deny set to:
> 
>    ALL: ALL 
> 
> and /etc/hosts.allow set to:
> 
>    ALL: LOCAL, .foobar.edu
> 
> But beside scores of messages in the logs like:
> 
> Dec  2 22:49:00 localhost wu-ftpd[466]: refused connect from
>     adsl-61892.turboline.skynet.be
> 
> I occasionally also see:
> 
> Nov 25 17:30:46 localhost wu-ftpd[3869]: connection from
>     apache.netics.net [195.223.184.81]
> Nov 25 17:30:50 localhost wu-ftpd[3869]: lost connection to
>     apache.netics.net [195.223.184.81]
> Nov 25 17:30:50 localhost wu-ftpd[3869]: FTP session closed
> 
> Nov 25 19:41:34 localhost wu-ftpd[3908]: connection from
>     f144170.upc-f.chello.nl [80.56.144.170]
> Nov 25 19:41:34 localhost wu-ftpd[3908]: FTP LOGIN REFUSED (ftp not in
>     /etc/passwd) FROM f144170.upc-f.chello.nl [80.56.144.170], anonymous
> Nov 25 19:41:35 localhost wu-ftpd[3908]: FTP session closed
> 
> which indicate connection-attempts which were not refused right away.
> Should I assume that these are connection-attempts from the local
> domain, with counterfeit IP addresses and hostnames supplied to the
> logging system?

tcpwrapper only works on inetd-activated ports. wu-ftpd runs as a daemon
and is not filtered by tcp-wrapper (same for apache).

Michel.
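
A way to audit the situation described in this thread, as an added example that is not part of the original messages: it checks each wu-ftpd `connection from` entry against the client patterns in the quoted /etc/hosts.allow and lists the connections accepted from hosts outside that policy. The sample log is constructed from the post's entries, unwrapped to one line each, plus one made-up allowed host (ws1.foobar.edu); only the `LOCAL` and leading-dot pattern forms are handled.

```python
import re

# Client patterns from the /etc/hosts.allow quoted in the post.
ALLOW = ["LOCAL", ".foobar.edu"]

# Constructed sample: the post's connection entries, unwrapped to one line
# each, plus one constructed entry from an allowed host (ws1.foobar.edu).
SAMPLE_LOG = """\
Dec  2 22:49:00 localhost wu-ftpd[466]: refused connect from adsl-61892.turboline.skynet.be
Nov 25 17:30:46 localhost wu-ftpd[3869]: connection from apache.netics.net [195.223.184.81]
Nov 25 17:30:50 localhost wu-ftpd[3869]: lost connection to apache.netics.net [195.223.184.81]
Nov 25 19:41:34 localhost wu-ftpd[3908]: connection from f144170.upc-f.chello.nl [80.56.144.170]
Nov 25 19:45:02 localhost wu-ftpd[3911]: connection from ws1.foobar.edu [192.0.2.10]
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]+) \S+ wu-ftpd\[(?P<pid>\d+)\]: "
    r"(?P<event>refused connect|connection) from (?P<host>\S+)"
)

def host_allowed(host, patterns=ALLOW):
    """hosts_access(5) matching for the two pattern kinds used in the post."""
    host = host.lower()
    for pat in patterns:
        if pat == "LOCAL" and "." not in host:
            return True          # LOCAL: any host name without a dot
        if pat.startswith(".") and host.endswith(pat.lower()):
            return True          # leading dot: domain suffix match
    return False

def audit(log_text):
    """Return (accepted_outside_policy, refused) as lists of (ts, pid, host)."""
    outside, refused = [], []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue             # session-close, login and other entries
        rec = (m["ts"], int(m["pid"]), m["host"])
        if m["event"] == "refused connect":
            refused.append(rec)
        elif not host_allowed(m["host"]):
            outside.append(rec)
    return outside, refused

if __name__ == "__main__":
    outside, refused = audit(SAMPLE_LOG)
    for ts, pid, host in outside:
        print(f"{ts} pid={pid} accepted outside hosts.allow: {host}")
    print(f"{len(refused)} 'refused connect' entries")
```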



