Hi Mark,

Mark Bucciarelli wrote on Thu, Mar 12, 2009 at 03:51:18PM -0500:

> Can I tell ftpd to log the IP of the remote host instead of the
> remote host name?

No. In /usr/src/libexec/ftpd/ftpd.c, the function "dolog"
unconditionally calls getnameinfo(3) without any flags to find the
remote hostname. The resulting string is used for all logging purposes.

> I suspect a forged PTR and can't find the remote host IP in the logs.

At connect time, the IP is reverse mapped to a hostname. You get the
numeric IP in the logs if and only if the reverse mapping fails.

Thus, you are out of luck, short of patching the NI_NUMERICHOST option
into the getnameinfo call mentioned above (which I don't recommend).

But of course, you can use pf(4) to log the SYN packets of incoming
FTP control connections. See pf.conf(5) and pfctl(8) for details.
Probably, that's the easiest way to get the information you want.

> Current FTP options are -lDan on a 4.2 install.

Uuh, OpenBSD 4.2 has been unmaintained for more than half a year now.
In case you value correctness and security, consider regularly
upgrading your system at least once a year. The upgrade process is
relatively painless, in particular when you do it for every release,
i.e. twice a year.

Yours,
  Ingo
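Added example, not part of the message above and not code from OpenBSD's ftpd: a C helper that always records the numeric peer address and appends the PTR name only as a secondary, untrusted label, so a forged reverse mapping cannot hide the source IP. The names peer_label and label_for are hypothetical, and the addresses in it are constructed samples.

```c
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define LABEL_MAX (2 * NI_MAXHOST + 4)

/* Hypothetical helper: write "ptr-name [ip]" when the address reverse maps,
 * plain "ip" otherwise. The numeric form comes from NI_NUMERICHOST (no DNS);
 * the name is controlled by whoever runs the reverse zone, so it is only
 * ever logged next to the address, never instead of it. */
int peer_label(const struct sockaddr *sa, socklen_t salen, int resolve,
               char *buf, size_t len)
{
    char ip[NI_MAXHOST], name[NI_MAXHOST];

    if (getnameinfo(sa, salen, ip, sizeof(ip), NULL, 0, NI_NUMERICHOST) != 0)
        return -1;
    /* NI_NAMEREQD: fail instead of silently falling back to the number. */
    if (resolve &&
        getnameinfo(sa, salen, name, sizeof(name), NULL, 0, NI_NAMEREQD) == 0)
        snprintf(buf, len, "%s [%s]", name, ip);
    else
        snprintf(buf, len, "%s", ip);
    return 0;
}

/* Demo wrapper: parse an address literal (AI_NUMERICHOST, so no DNS query)
 * and return its label, or NULL if the input is not an address literal. */
const char *label_for(const char *literal, int resolve)
{
    static char out[LABEL_MAX];
    struct addrinfo hints, *res;
    int rc;

    memset(&hints, 0, sizeof(hints));
    hints.ai_flags = AI_NUMERICHOST;
    hints.ai_socktype = SOCK_STREAM;
    if (getaddrinfo(literal, NULL, &hints, &res) != 0)
        return NULL;
    rc = peer_label(res->ai_addr, res->ai_addrlen, resolve, out, sizeof(out));
    freeaddrinfo(res);
    return rc == 0 ? out : NULL;
}

int main(void)
{
    const char *l = label_for("127.0.0.1", 1);  /* constructed sample peer */
    printf("connection from %s\n", l ? l : "(unknown)");
    return 0;
}
```

In a real daemon the sockaddr passed to peer_label would be the one filled in by accept(2) or getpeername(2) for the control connection.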

