On Wed, Jan 30, 2002 at 07:10:15AM -0500, Ciarcinski, Adam (ISS Brussels) wrote:
> Hi,
> 
> I have two questions regarding the 'ftpd'.
> 
> 1. nessus-1.0.10 reports that 'ftpd' can be killed after
>    ~3000 login tries; during the test 'inetd' reports
>    "ftp/tcp server falling (looping), service terminated"
>    Is it 'ftpd''s security issue?

man inetd.conf  It's configurable.

The fields of the configuration file are as follows:

           [addr:]service-name
           socket-type
           protocol[,sndbuf=size][,rcvbuf=size]
           wait/nowait[.max]
           user[.group]
           server-program
           server program arguments

``max'' suffix (separated from ``wait'' or ``nowait'' by a dot) specifies
the maximum number of server instances that may be spawned from inetd
within an interval of 60 seconds. When omitted, ``max'' defaults to 40.

> 2. The latest 'ftpd' (from the -current branch) behaves
>    strangely with some clients, including Windows2000
>    'ftp' command and Amiga Genesis 'ftp' and 'ncftp':
>    only one command can be issued, and after that it
>    hangs.
>    Is this on purpose?

Does it hang during the first command? (i.e. 'ls' never returns output)
That more often indicates that the client is behind a firewall that
doesn't do active ftp properly...

I don't have either of those clients handy for testing though.

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
All this stuff in twice the space would only look half as bad!
					      - me