Hello tech@,
I run a not note-worthy anonymous ftp server at home for friends and
family. This works perfectly with the supplied ftpd.
As of recently I noticed the amount of unfamiliar connections rising,
but using wtmp and last I found that it used reverse lookups.
For a lot of cases this isn't a problem. But there are a couple of
instances where the domain name resolves to something a little to
generic to be useful to determine it's origin and hence I'm not able to
decide if it's a legit connection or not, let alone being able to place
it in my firewall.
To fix this for myself I made this minor patch to retrieve the ip
address instead of the the reverse lookup. This appears to be the same
behavior as sshd shows.
Of course this behavior could be placed behind a diff or just kept in my
personal source-tree copy.
Index: ftpd.c
===================================================================
RCS file: /cvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.196
diff -u -a -r1.196 ftpd.c
--- ftpd.c 4 Dec 2012 02:24:47 -0000 1.196
+++ ftpd.c 4 May 2013 05:24:44 -0000
@@ -2166,7 +2166,7 @@
{
char hbuf[sizeof(remotehost)];
- if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL, 0, 0)
== 0)
+ if (getnameinfo(sa, sa->sa_len, hbuf, sizeof(hbuf), NULL, 0,
NI_NUMERICHOST) == 0)
(void) strlcpy(remotehost, hbuf, sizeof(remotehost));
else
(void) strlcpy(remotehost, "unknown", sizeof(remotehost));
Sincerely,
Martijn van Duren
