[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Why is Lynx listening on port 11xx ?
From: |
David Woolley |
Subject: |
Re: lynx-dev Why is Lynx listening on port 11xx ? |
Date: |
Mon, 27 Nov 2000 20:14:54 +0000 (GMT) |
>
> I can telnet into it from a host the other side of the world. It accepts
> connections on my non-loopback interface from any address/port combination.
But you won't be able to do anything beyond exchange TCP SYNs.
Lynx is generally sychronous, so, whilst the OS may return an ACK, I
doubt that anything will get as far as Lynx.
>
> Erm, OK. Sounds extremely dodgy to me. Surely whatever FTPd implementation
> is used on the server side, no FTP client (including Lynx) should be sitting
> there listening to and accepting any incoming connections from any address
> and any port after all data had been received and the control connection had
> been closed ?
That sounds reasonable, but I don't think the threat is as great as you
imagine.
>
> At the very least, if there _is_ a broken FTPd out there that requires a
> client to do this, shouldn't the client make sure that it only accepts
> connections from the IP of the FTP server it was talking to ?
I'm only half remembering the story, but it is one of the major Unix
ftp servers and the authors insist that their interpretation of the spec
is correct. I can't remember the details, and it could even be opposite
hehaviour from that observed, but issue was to do with when data connections
get established and what happens when recycling a connection.
; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden