Re: VSFTPD accepting same user/session from different IP addresses

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi Kai,

Am 22.03.10 15:31, schrieb Kai Schaetzl:
> Dirk H. Schulz wrote on Mon, 22 Mar 2010 13:41:50 +0100:
>
>    
>> What I am concerned about is the fact that the client sends out using
>> various gateways at once. Is there some configuration item in VSFTPD
>> which can prevent this and reject packets from the additional ip addresses?
>>      
> Note, this is not the same session, it's a different connect with the same
> user credentials. I don't see a problem with this. It's not a security
> problem and it's hardly a load problem. Users usually don't have more than
> one IP at their disposal at the same time. This is one of the few cases where
> this is different.
>    
Thanks for the fast answer - and sorry for insisting. This
> Wed Mar 10 15:52:33 2010 [pid 15232] [uploaduser] OK MKDIR: Client 
> "195.200.70.40", "/04 LV gelieferte Daten 04_2010/04 LV 
> Seiten/Jungz?chter"
> Wed Mar 10 15:52:33 2010 [pid 15231] [uploaduser] FAIL MKDIR: Client 
> "195.200.70.41", "/04 LV gelieferte Daten 04_2010/04 LV 
> Seiten/Jungz?chter"
makes me think that the same session with the same commands is 
"delivered" via 2 outgoing gateways, because it would be very 
complicated to have two ftp clients issue the same command in the same 
second. Know what I mean?

By the way, vsftpd seems not to handle this situation securely, so I 
want to prevent any occurance of it.

Dirk
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux