On Wed, Jul 13, 2005 at 11:50:15AM -0700, Cameron Eure wrote:
> Package: ftpd
> Status: install ok installed
> Maintainer: Alberto Gonzalez Iniesta <[EMAIL PROTECTED]>
> Architecture: i386
> Version: 0.17-21
>
> I'm currently running Debian testing with a few packages from unstable.
>
> I've discovered a vulnerability which would allow a remote denial of
> service attack in the ftpd program. It is caused by someone rapidly
> opening a socket, connecting server, then closing the socket, and
> I've written a small example which can be examined below.
>
> Here's a timeline of what an attack might look like:
>
> * program rapidly opens a socket, connect()'s, then closes the socket
> * inetd redundantly reports: in.ftpd: connect from [host]
> * inetd, then, reports the message: ftp/tcp server failing (looping),
>   service terminated

Right, that's not a bug. It's a feature. And it (as your logs say) is an
*inetd* feature, nothing to do with the ftpd server. Take a look at the
inetd docs and you'll see how to control that feature.

Closing it.

Regards,

Alberto

-- 
Alberto Gonzalez Iniesta    | Training, consulting and technical support
agi@(inittab.org|debian.org)| for GNU/Linux and free software
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9 0C81 C514 AF8E 4BA4 01C3
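
The inetd behaviour referred to in the reply, modelled as an added example (not code from inetd, ftpd or this thread): a per-service spawn counter that shuts the service off when connections inside one counting window exceed a limit, which is what produces the "server failing (looping), service terminated" log line. The struct and function names, the 60-second window and the 600-second retry delay are assumptions for illustration; the actual limit is configured per service as described in the inetd docs.

```c
#include <stdio.h>

/* Hypothetical model of an inetd-style spawn limiter; names are illustrative. */
struct service {
    const char *name;
    int  max_per_window;   /* configured spawn limit for one window */
    long window_start;     /* time of the first spawn in the current window */
    int  count;            /* spawns counted in the current window */
    long disabled_until;   /* 0 while the service is enabled */
};

enum verdict { SPAWN, REFUSED_DISABLED, TERMINATED_LOOPING };

#define WINDOW_SECS 60     /* assumed counting interval */
#define RETRY_SECS  600    /* assumed delay before the service is re-enabled */

enum verdict on_connect(struct service *s, long now)
{
    if (s->disabled_until) {
        if (now < s->disabled_until)
            return REFUSED_DISABLED;       /* still switched off */
        s->disabled_until = 0;             /* retry time reached: re-enable */
        s->count = 0;
    }
    if (s->count == 0 || now - s->window_start > WINDOW_SECS) {
        s->window_start = now;             /* start a fresh window */
        s->count = 0;
    }
    if (++s->count > s->max_per_window) {
        s->disabled_until = now + RETRY_SECS;
        return TERMINATED_LOOPING;         /* "server failing (looping)" */
    }
    return SPAWN;
}

/* Feed n connections at per_sec per second from t0; return how many spawned. */
int simulate(struct service *s, int n, int per_sec, long t0)
{
    int spawned = 0;
    for (int i = 0; i < n; i++)
        if (on_connect(s, t0 + i / per_sec) == SPAWN)
            spawned++;
    return spawned;
}

int main(void)
{
    struct service low  = { "ftp", 40,  0, 0, 0 };  /* constructed sample limits */
    struct service high = { "ftp", 400, 0, 0, 0 };
    printf("limit 40:  %d of 100 spawned\n", simulate(&low, 100, 50, 1000));
    printf("limit 400: %d of 100 spawned\n", simulate(&high, 100, 50, 1000));
    return 0;
}
```

The same burst that terminates the service at the lower limit passes untouched at the higher one, so the setting trades protection against runaway spawning for tolerance of connection bursts.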

