I know that wu-ftpd has a bad reputation in many quarters for
security, but I still don't know exactly how or why the thing below is
happening.
I have /etc/hosts.deny set to:
ALL: ALL
and /etc/hosts.allow set to:
ALL: LOCAL, .foobar.edu
But beside scores of messages in the logs like:
Dec 2 22:49:00 localhost wu-ftpd[466]: refused connect from
adsl-61892.turboline.skynet.be
I occasionally also see:
Nov 25 17:30:46 localhost wu-ftpd[3869]: connection from
apache.netics.net [195.223.184.81]
Nov 25 17:30:50 localhost wu-ftpd[3869]: lost connection to
apache.netics.net [195.223.184.81]
Nov 25 17:30:50 localhost wu-ftpd[3869]: FTP session closed
Nov 25 19:41:34 localhost wu-ftpd[3908]: connection from
f144170.upc-f.chello.nl [80.56.144.170]
Nov 25 19:41:34 localhost wu-ftpd[3908]: FTP LOGIN REFUSED (ftp not in
/etc/passwd) FROM f144170.upc-f.chello.nl [80.56.144.170], anonymous
Nov 25 19:41:35 localhost wu-ftpd[3908]: FTP session closed
which indicate connection-attempts which were not refused right away.
Should I assume that these are connection-attempts from the local
domain, with counterfeit IP addresses and hostnames supplied to the
logging system?
Thanks for any help anyone might have to offer.
Jim McCloskey
