Problems with looping fetch auditfile.tbz from ftp sites

Rudolf Cejka cejkar at fit.vutbr.cz
Wed Mar 31 04:31:18 PST 2004


Rudolf Cejka wrote (2004/03/31):
>   I have problems with slowly coming ftp-DoS on ftp.cz.FreeBSD.org. What
> about the other mirror sites? It started two weeks ago (and it is visible
> since one week ago). When anybody installs security/portaudit, it wants
> to automatically fetch -1am portaudit.tbz every day (?). If somebody is
> protected by firewall, ftp server could not establish data connection and
> returns error in a control connection. Unfortunately it seems to me,
> that flags -1am for fetch mean to retry data download all the time
> (-a = Automatically retry the transfer upon soft failures). Am I right?
> Is it possible to do something with it? Thanks.

Oops - I forgot to say the point: I have a slowly growing number of active
ftp connections permanently trying to retrieve portaudit.tbz from the
server. Setting the idle timeout does not help, because the ftp control
connection is alive all the time, because it tries to RETR portaudit.tbz
with small delays equal to the data connection timeout from the server
to the ftp client.

-- 
Rudolf Cejka <cejkar at fit.vutbr.cz> http://www.fit.vutbr.cz/~cejkar
Brno University of Technology, Faculty of Information Technology
Bozetechova 2, 612 66  Brno, Czech Republic
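
The retry loop described in this message (one control connection that keeps issuing RETR for the same file after each data-connection failure) can be picked out of server logs. The following is an added example, not part of the original post: the log format, the connection ids, and the client addresses are constructed for illustration and do not match any particular ftpd.

```python
from collections import defaultdict
from datetime import datetime

DATA_CONN_FAILED = {"425"}  # RFC 959: can't open data connection
TRANSFER_OK = {"226"}       # RFC 959: transfer complete

# Constructed sample log (hypothetical format):
# timestamp, control-connection id, client, command, argument, reply code
SAMPLE_LOG = """\
2004-03-31T03:59:58 101 192.0.2.10 USER anonymous 331
2004-03-31T04:00:00 101 192.0.2.10 RETR portaudit.tbz 425
2004-03-31T04:01:00 101 192.0.2.10 RETR portaudit.tbz 425
2004-03-31T04:01:30 102 198.51.100.7 RETR portaudit.tbz 425
2004-03-31T04:01:40 102 198.51.100.7 RETR portaudit.tbz 226
2004-03-31T04:02:00 101 192.0.2.10 RETR portaudit.tbz 425
2004-03-31T04:02:10 103 203.0.113.5 RETR portaudit.tbz 425
2004-03-31T04:03:00 101 192.0.2.10 RETR portaudit.tbz 425
2004-03-31T04:03:10 103 203.0.113.5 RETR portaudit.tbz 425
"""

def find_retry_loops(log_text, threshold=3):
    """Report control connections with at least `threshold` failed RETRs of
    one file and no completed transfer of it since the failures began."""
    streaks = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    client_of = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[3] != "RETR":
            continue  # only RETR attempts matter here
        ts, conn, client, _cmd, path, reply = parts
        client_of[conn] = client
        if reply in TRANSFER_OK:
            streaks.pop((conn, path), None)  # download succeeded: loop ended
        elif reply in DATA_CONN_FAILED:
            s = streaks[(conn, path)]
            when = datetime.fromisoformat(ts)
            s["count"] += 1
            s["first"] = s["first"] or when
            s["last"] = when
    return [
        {"conn": conn, "client": client_of[conn], "file": path,
         "failures": s["count"],
         "span_seconds": int((s["last"] - s["first"]).total_seconds())}
        for (conn, path), s in sorted(streaks.items())
        if s["count"] >= threshold
    ]

if __name__ == "__main__":
    for hit in find_retry_loops(SAMPLE_LOG):
        print(hit)
```

Because every retry is activity on the control connection, an idle timeout never fires for these sessions; counting failed RETRs per connection identifies them where idle time does not.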

