Security Incidents mailing list archives

Re: stranger ftp kill

From: rabe () RWTH-AACHEN DE (Ralf G. R. Bergs)
Date: Tue, 27 Jun 2000 00:57:30 +0200


On Sat, 24 Jun 2000 00:12:09 +0200, frank () STUDENT2 RUG AC BE wrote:

Aanhalen Max Gribov <mgribov () KPLAB COM>:

Jun 23 12:13:08 web inetd[626]: ftp/tcp server failing (looping or being
flooded), service terminated for 10 min
Jun 23 12:13:08 web ftpd[417]: FTP session closed


There were more than 40 connections in 60 seconds. (inetd's default timeout
values.)

This has nothing to do with ftpd. Inetd takes care of that. check man inetd

for

more info ...


You're right, but let me shed some light on *why* this might have happened.

There is something called an "FTP bounce attack." This might very well have
been the reason why the inetd server failed by looping.


--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^

Current thread:

Re: stranger ftp kill Ralf G. R. Bergs (Jun 26)
- <Possible follow-ups>
- Re: stranger ftp kill Oliver Friedrichs (Jun 27)