(I missed the start of this thread, so if the answer is a bit off track,
please ignore it)

> >1. How do you know somebody's download has finished?
> > -- Does the 'c or i' at the end of each entry indicate this?

Keep in mind though that this c or i may be somewhat misleading if the
person is using a download accelerator (though it's a bit of a misnomer -
they rarely accelerate anything).  I say misleading because the download
accelerator may open several simultaneous connections, request a transfer
beginning from a particular offset in the file on each connection then
send an abort when one transfer reaches the offset at which another was
begun.

This said, if you're running something like xinetd (www.xinetd.org) in
place of your regular inetd and you're restricting FTP connections to one
per host with it, they can use their download accelerator till the cows
come home - they'll only ever get one active transfer at a time.

> > 2. How much time the client took to download this file?

This is usually in the log.  Position often differs depending on the ftpd.

> > 3. How many parallel connections had he opened?

If you're using something that restricts the number any one user on any
one IP address can open, does it matter?

> Your ftp server probably has a command 'ftpwho' which will tell you about
> current connections to the ftp server.  You'll know that they've finished
> because they'll no longer be connected.

And ftpwho is a classic feature of wuftpd, the remote rootkit that just
happens to act as an FTP server sometimes. (One wonders why an
organisation like AusCERT uses _and_ mirrors a bit of software with such a
tainted history in the area of security-critical faults?!).

In place of this, you may like to check out vsftpd (very secure ftpd),
which is put together by Chris Evans (he runs the Linux Security Audit
List) and comes with a document detailing the auditing that's gone into
it.

        http://freshmeat.net/projects/vsftpd/

In any case, make sure your OS is patched for the various globbing bugs
that have caused a couple of ftpds some problems in the past.  The bug
isn't actually in the ftpd - it's in libc/glibc - you should look for
something like this from your distro maker:

        http://www.trustix.net/errata/misc/2001/TSL-2001-0029-glibc.asc.txt
        https://www.redhat.com/support/errata/RHSA-2001-160.html

(globbing is something that gets used when you do something like mget porn*)

Grant

-------------------------------------------------------
Grant Bayley                         [EMAIL PROTECTED]
-Admin @ AusMac Archive, Wiretapped.net, 2600 Australia
 www.ausmac.net   www.wiretapped.net   www.2600.org.au
-------------------------------------------------------

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
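
The following is an added example, not part of the original message: a small parser that groups transfer-log entries by host and file, so that a run of 'i' entries from a download accelerator is not misread as several failed downloads. It assumes the wu-ftpd style xferlog field layout; the sample lines are constructed, and the function names and the `file_sizes` mapping are hypothetical.

```python
from collections import defaultdict

# Constructed sample entries in the wu-ftpd style xferlog layout (assumed format).
SAMPLE_LOG = """\
Mon Oct  1 17:09:23 2001 12 203.0.113.5 250000 /pub/big.iso b _ o a user@example.org ftp 0 * i
Mon Oct  1 17:09:24 2001 13 203.0.113.5 250000 /pub/big.iso b _ o a user@example.org ftp 0 * i
Mon Oct  1 17:09:24 2001 13 203.0.113.5 250000 /pub/big.iso b _ o a user@example.org ftp 0 * i
Mon Oct  1 17:09:26 2001 15 203.0.113.5 250000 /pub/big.iso b _ o a user@example.org ftp 0 * c
Mon Oct  1 18:00:00 2001 50 198.51.100.7 1000000 /pub/big.iso b _ o a user@example.net ftp 0 * c
Mon Oct  1 18:30:00 2001 9 192.0.2.9 300000 /pub/big.iso b _ o a user@example.com ftp 0 * i
"""

def parse_line(line):
    """Return one transfer as a dict, or None if the line is not an xferlog entry."""
    t = line.split()
    # 5 date tokens + seconds + host + bytes, the filename, then 9 trailing fields.
    if len(t) < 18 or t[-1] not in ("c", "i"):
        return None
    try:
        secs, nbytes = int(t[5]), int(t[7])
    except ValueError:
        return None
    return {"secs": secs, "host": t[6], "bytes": nbytes,
            "file": " ".join(t[8:-9]), "direction": t[-7], "status": t[-1]}

def summarise(log_text, file_sizes):
    """Group outgoing transfers by (host, file). file_sizes is a hypothetical
    mapping of path -> size on disk, since the log alone does not record it."""
    out = defaultdict(lambda: {"entries": 0, "incomplete": 0, "bytes": 0, "secs": 0})
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["direction"] != "o":
            continue
        s = out[(e["host"], e["file"])]
        s["entries"] += 1
        s["incomplete"] += e["status"] == "i"
        s["bytes"] += e["bytes"]
        s["secs"] += e["secs"]  # summed over connections, not wall-clock time
    for (_, path), s in out.items():
        # Several entries with aborts for one file suggests a segmented download.
        s["segmented"] = s["entries"] > 1 and s["incomplete"] > 0
        # Heuristic: segments may overlap, so this is a lower bar, not proof.
        s["covered"] = s["bytes"] >= file_sizes.get(path, float("inf"))
    return dict(out)

if __name__ == "__main__":
    for key, s in summarise(SAMPLE_LOG, {"/pub/big.iso": 1000000}).items():
        print(key, s)
```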
