ftpd and ipchains problem

From: Herbert Kwong (cancerroach@yahoo.com)
Date: 09/21/01


Message-ID: <20010921055813.32362.qmail@web12108.mail.yahoo.com>
Date: Thu, 20 Sep 2001 22:58:13 -0700 (PDT)
From: Herbert Kwong <cancerroach@yahoo.com>
Subject: ftpd and ipchains problem
To: focus-linux@securityfocus.com

Hi,

I am new to this list and have just set up ipchains 1.3.10
on my SuSE 7.0 machine.

My input chain is as below:
ipchains -A input -i eth0 -p tcp -d MY_IP 6000:6010 -j DENY -l
ipchains -A input -i eth0 -p tcp -d MY_IP telnet -j ACCEPT
ipchains -A input -i eth0 -p tcp -d MY_IP 0:1023 -j DENY -l

and my inetd.conf has the following line for ftpd:
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -L -i -o

I know I should comment out this line too, as ipchains will
stop any ftp traffic anyway. When I tried to ftp to my
machine, I got timed out and I can see some denied
entries in my log file.

However, after running for some time, I checked the log
again and found the following entries:
Sep 20 20:30:43 MY_HOST kernel: Packet log: input DENY eth0 PROTO-6 FOREIGN_IP:4664 MY_IP:21
Sep 20 20:30:46 MY_HOST kernel: Packet log: input DENY eth0 PROTO-6 FOREIGN_IP:4664 MY_IP:21
Sep 20 20:30:52 MY_HOST kernel: Packet log: input DENY eth0 PROTO-6 FOREIGN_IP:4664 MY_IP:21
Sep 20 20:31:03 MY_HOST in.ftpd[4042]: connect from FOREIGN_IP (FOREIGN_IP)

What is going on? Does my host have other
vulnerabilities?

Regards,
Herbert
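
Added example, not part of the original message: a log check that flags the pattern quoted above, where a tcpd-wrapped daemon logs "connect from" a source shortly after the packet log recorded an input DENY from that same source to the daemon's port. The daemon-to-port map, the year, the five-minute window and the sample lines (documentation addresses, host name "myhost") are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Assumed mapping from tcpd-wrapped daemon name to its TCP service port.
DAEMON_PORT = {"in.ftpd": 21, "in.telnetd": 23}

TS = r"^(\w{3} +\d+ [\d:]{8}) \S+ "
# ipchains "-l" entry; accepts PROTO=6 as well as the PROTO-6 form in the post.
DENY_RE = re.compile(TS + r"kernel: Packet log: input DENY \S+ "
                          r"PROTO[=-]6 (\S+):\d+ \S+:(\d+)")
# Daemon connect entry; the address in parentheses is preferred when present.
CONN_RE = re.compile(TS + r"([\w.]+)\[\d+\]: connect from (\S+)(?: \((\S+)\))?")


def parse_ts(text, year=2001):
    # syslog timestamps carry no year, so one is supplied (assumed 2001).
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def accepted_after_deny(lines, window=timedelta(minutes=5)):
    """Return (time, daemon, source, port) for every daemon connect that
    follows a logged DENY from the same source to that daemon's port."""
    last_deny = {}  # (source, destination port) -> time of latest DENY
    findings = []
    for line in lines:
        m = DENY_RE.match(line)
        if m:
            last_deny[(m.group(2), int(m.group(3)))] = parse_ts(m.group(1))
            continue
        m = CONN_RE.match(line)
        if not m:
            continue
        when, daemon = parse_ts(m.group(1)), m.group(2)
        src = m.group(4) or m.group(3)
        port = DAEMON_PORT.get(daemon)
        denied = last_deny.get((src, port))
        if denied is not None and timedelta(0) <= when - denied <= window:
            findings.append((when, daemon, src, port))
    return findings


# Constructed sample lines modelled on the entries quoted in the post.
SAMPLE = [
    "Sep 20 20:30:43 myhost kernel: Packet log: input DENY eth0 PROTO-6 192.0.2.10:4664 198.51.100.7:21",
    "Sep 20 20:30:52 myhost kernel: Packet log: input DENY eth0 PROTO-6 192.0.2.10:4664 198.51.100.7:21",
    "Sep 20 20:30:55 myhost kernel: Packet log: input DENY eth0 PROTO-6 203.0.113.5:1050 198.51.100.7:21",
    "Sep 20 20:31:03 myhost in.ftpd[4042]: connect from 192.0.2.10 (192.0.2.10)",
    "Sep 20 20:40:00 myhost in.telnetd[4100]: connect from 203.0.113.5 (203.0.113.5)",
]

if __name__ == "__main__":
    for when, daemon, src, port in accepted_after_deny(SAMPLE):
        print(f"{when} {daemon} accepted {src} on port {port} after a logged DENY")
```

A hit means the deny rule was not matching that traffic at the time of the connect, so the next step is to compare the daemon's connect time with the rule set that was loaded at that moment.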
