On Tue, 2001-12-04 at 22:40, Jim McCloskey wrote: > > I know that wu-ftpd has a bad reputation in many quarters for > security, but I still don't know exactly how or why the thing below is > happening. > > I have /etc/hosts.deny set to: > > ALL: ALL > > and /etc/hosts.allow set to: > > ALL: LOCAL, .foobar.edu > > But beside scores of messages in the logs like: > > Dec 2 22:49:00 localhost wu-ftpd[466]: refused connect from > adsl-61892.turboline.skynet.be > > I occasionally also see: > > Nov 25 17:30:46 localhost wu-ftpd[3869]: connection from > apache.netics.net [195.223.184.81] > Nov 25 17:30:50 localhost wu-ftpd[3869]: lost connection to > apache.netics.net [195.223.184.81] > Nov 25 17:30:50 localhost wu-ftpd[3869]: FTP session closed > > Nov 25 19:41:34 localhost wu-ftpd[3908]: connection from > f144170.upc-f.chello.nl [80.56.144.170] > Nov 25 19:41:34 localhost wu-ftpd[3908]: FTP LOGIN REFUSED (ftp not in > /etc/passwd) FROM f144170.upc-f.chello.nl [80.56.144.170], anonymous > Nov 25 19:41:35 localhost wu-ftpd[3908]: FTP session closed > > which indicate connection-attempts which were not refused right away. > Should I assume that these are connection-attempts from the local > domain, with counterfeit IP addresses and hostnames supplied to the > logging system?
tcpwrapper only works on inetd activated ports. wu-ftpd runs as a daemon and is not filtered by tcp-wrapper (same for apache) Michel.