NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

bin/40339: ftpd does not log IP address of remote client



>Number:         40339
>Category:       bin
>Synopsis:       ftpd does not log IP address of remote client
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Wed Jan 07 18:15:00 +0000 2009
>Originator:     Ed Ravin
>Release:        5.0
>Organization:
PANIX Public Access Networks Corp
>Environment:
NetBSD panix5.panix.com 5.0_BETA NetBSD 5.0_BETA (PANIX-XEN3U-USER-pae) #1: Thu 
Nov 13 17:26:16 EST 2008  
root%juggler.panix.com@localhost:/misc1/obj/misc2/devel/netbsd/5-beta/src/sys/arch/i386/compile/PANIX-XEN3U-USER-pae
 i386

>Description:
ftpd logins and password failures are logged with the reverse lookup of the IP 
address of the client, for example:

ftpd[10377]: FTP LOGIN FROM pool-72-89-248-152.nycmny.fios.verizon.net as 
randomuser (class: real, type: REAL)

ftpd[21661]: FTP LOGIN FAILED FROM cpc3-bele3-0-0-cust879.belf.cable.ntl.com

For security and audit purposes, the IP address of the remote client should be 
included.  For example, an attacker might change their reverse DNS after the 
attack, someone reviewing the logs a day later (or even an hour later) might 
not be able to discern the correct IP address of the remote client.

Also, users of products that automatically filter out attacks (like fail2ban) 
prefer using the IP address to reliably block the attacker by adding an 
ipfilter against them.
>How-To-Repeat:

>Fix:



Home | Main Index | Thread Index | Old Index