Re: ftpd - security thread ?
François TOURDE once wrote:
> On the 13639th day after Epoch,
> Lubos Rendek wrote:
>> Can anyone explain why is this happening? Why is my box connecting to
>> that IP address without me actually knowing about that?
>
> Perhaps it's because ftp.wa.au.debian.org (aka poledra.it.net.au) is
> listed in http://www.fr.debian.org/CD/http-ftp/ as a Debian mirror ?
> :)

I first thought it could be him simply downloading this package from an
Australian http mirror. I found it to effectively be the IP for
ftp.wa.au.debian.org, but I received your email only when I was about to
answer.

How to reproduce it?

apt-get -Vu remove --purge ftpd

Then your next installation will again download ftpd from this mirror.

Unless I missed something, problem solved.

Simon Valiquette

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: ftpd - security thread ?
On the 13639th day after Epoch,
Lubos Rendek wrote:
> Hello,
>
> Recently I have played with ftpd package from stable repository and I
> have discovered that every time the package gets installed it connects
> to certain IP address on port 80.
[...]
> running reverse dig command:
> dig -x 203.8.116.111
>
> ;; ANSWER SECTION:
> 111.116.8.203.in-addr.arpa. 21600 IN PTR poledra.it.net.au.
>
>
> I get poledra.it.net.au and a web browser reveals :
> "Hello. Welcome to the FTP archives of Informed Technology."
>
>
> This web page is run by company http://www.it.net.au.
>
> Can anyone explain why is this happening? Why is my box connecting to
> that IP address without me actually knowing about that?

Perhaps it's because ftp.wa.au.debian.org (aka poledra.it.net.au) is
listed in http://www.fr.debian.org/CD/http-ftp/ as a Debian mirror ?
:)
Re: ftpd - security thread ?
In article <[EMAIL PROTECTED]> you wrote:
> to certain IP address on port 80. With simple bash script I have
> captured output of netstat while the ftpd package is getting
> installed:

Try tcpdump, maybe it helps us if we know the content of that connection.

> that IP address without me actually knowing about that? To me it seems
> as a security thread. At the moment it appears that this happens only
> if ftpd package is installed for a first time so
> # dpkg -P ftpd
> # apt-get install ftpd
> does not create any connections.

So you need to re-install Debian to reproduce it? Or how can you trigger
it? Are you installing it from CD? How does your apt/sources.list look
like? Do you mean 4.0 or 3.1 Debian stable?

Greetings
Bernd
ftpd - security thread ?
Hello,

Recently I have played with ftpd package from stable repository and I
have discovered that every time the package gets installed it connects
to certain IP address on port 80. With simple bash script I have
captured output of netstat while the ftpd package is getting
installed:

+++
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      1 10.1.1.200:3938         203.8.116.111:80        SYN_SENT
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::10.1.1.200:22        :::10.1.1.2:4716        ESTABLISHED
tcp6       0      0 :::10.1.1.200:22        :::10.1.1.2:2572        ESTABLISHED

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0    154 10.1.1.200:3938         203.8.116.111:80        ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::10.1.1.200:22        :::10.1.1.2:4716        ESTABLISHED
tcp6       0      0 :::10.1.1.200:22        :::10.1.1.2:2572        ESTABLISHED
++

running reverse dig command:
dig -x 203.8.116.111

;; ANSWER SECTION:
111.116.8.203.in-addr.arpa. 21600 IN PTR poledra.it.net.au.

I get poledra.it.net.au and a web browser reveals :
"Hello. Welcome to the FTP archives of Informed Technology."

This web page is run by company http://www.it.net.au.

Can anyone explain why is this happening? Why is my box connecting to
that IP address without me actually knowing about that? To me it seems
as a security thread. At the moment it appears that this happens only
if ftpd package is installed for a first time so
# dpkg -P ftpd
# apt-get install ftpd
does not create any connections.

thank you

lubos
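Added example, not part of any message in this thread: a Python sketch of the check the replies do by hand, matching outbound connections in a netstat snapshot against the hosts named in apt's sources.list. The sources.list contents, the 192.0.2.10 and 198.51.100.7 addresses and all function names are constructed for illustration; the 203.8.116.111 / ftp.wa.au.debian.org pairing is the one reported in the thread.

```python
import socket
from urllib.parse import urlparse

# Constructed: the thread never shows the poster's sources.list.
SOURCES_LIST = """\
deb http://ftp.wa.au.debian.org/debian stable main
deb-src http://ftp.wa.au.debian.org/debian stable main
deb http://security.debian.org/ stable/updates main  # security updates
"""
# Last row is constructed; the others come from the capture in the original post.
NETSTAT = """\
tcp        0    154 10.1.1.200:3938         203.8.116.111:80        ESTABLISHED
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 :::10.1.1.200:22        :::10.1.1.2:4716        ESTABLISHED
tcp        0      0 10.1.1.200:4001         198.51.100.7:80         ESTABLISHED
"""
# Address of ftp.wa.au.debian.org as reported in the thread; the other is constructed.
KNOWN = {"ftp.wa.au.debian.org": ["203.8.116.111"], "security.debian.org": ["192.0.2.10"]}

def offline_resolve(host):
    """Resolver stub so the sample runs without network access."""
    return KNOWN.get(host, [])

def dns_resolve(host):
    """Live lookup for real use; returns [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def apt_hosts(sources_text):
    """Host names of the deb/deb-src URIs in one-line-style sources.list text."""
    hosts = set()
    for line in sources_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] in ("deb", "deb-src"):
            uri = next((f for f in fields[1:] if "://" in f), "")
            if urlparse(uri).hostname:
                hosts.add(urlparse(uri).hostname)
    return hosts

def outbound(netstat_text):
    """Remote (ip, port) of TCP connections whose local port is not a listener."""
    rows = [l.split() for l in netstat_text.splitlines() if l.startswith("tcp")]
    listeners = {r[3].rsplit(":", 1)[1] for r in rows if r[5] == "LISTEN"}
    found = []
    for r in rows:
        if r[5] != "LISTEN" and r[3].rsplit(":", 1)[1] not in listeners:
            ip, port = r[4].rsplit(":", 1)
            found.append((ip.lstrip(":"), int(port)))
    return found

def classify(netstat_text, sources_text, resolve=dns_resolve):
    """Map each outbound endpoint to the apt source host that explains it, else None."""
    ip_to_host = {ip: h for h in sorted(apt_hosts(sources_text)) for ip in resolve(h)}
    return {ep: ip_to_host.get(ep[0]) for ep in outbound(netstat_text)}
```

A `None` value marks an outbound connection that no configured apt source accounts for; treating a local port with a listener as inbound is a heuristic, not a guarantee.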