On 29-Aug-2000, Chris D. Faulhaber popped this into my mailspool:
> The following got no response on -security two weeks ago. Perhaps
> -current will have more opinions.
> ---------- Forwarded message ----------
> I have found quite a few commands that ftpd shouldn't necessarily be
> responding to if the user hasn't logged in. In total, the following
> commands are taught to not talk to strangers: TYPE, STRU, MODE, ALLO,
> ABOR, SITE IDLE, SYST, REST. Many of these were obtained from OpenBSD.
I'd like to see these get in myself -- I had no idea that SYST was
available without login (not that 6.00LS doesn't advertise itself)..
It appears that NetBSD also behaves this way.
Makes sense to me in any case.
Any reason why our banner still says 6.0 (wouldn't this make it
6.0.1?), and SYST still returns the original "BSD-199506", even though
it definitely been changed in many significant ways since 1995? This
has bugged me for years :)
BTW, anyone ever notice that ftp.openbsd.org is (more then likely it
just claims to be) SunOS 4.1?
thomas r. stromberg : [EMAIL PROTECTED]
senior systems administrator, rtci : http://www.afterthought.org/
\( freebsd - turning doorstops into production webservers )/