[CentOS] VSFTPD accepting same user/session from different IP addresses

Dirk H. Schulz dirk.schulz at kinzesberg.de
Mon Mar 22 14:41:55 UTC 2010


Hi Kai,

On 22.03.10 15:31, Kai Schaetzl wrote:
> Dirk H. Schulz wrote on Mon, 22 Mar 2010 13:41:50 +0100:
>
>    
>> What I am concerned about is the fact that the client sends out using
>> various gateways at once. Is there some configuration item in VSFTPD
>> which can prevent this and reject packets from the additional ip addresses?
>>      
> Note, this is not the same session, it's a different connect with the same
> user credentials. I don't see a problem with this. It's not a security
> problem and it's hardly a load problem. Users usually don't have more than
> one IP at their disposal at the same time. This is one of the few cases where
> this is different.
>    
Thanks for the fast answer - and sorry for insisting. This
> Wed Mar 10 15:52:33 2010 [pid 15232] [uploaduser] OK MKDIR: Client 
> "195.200.70.40", "/04 LV gelieferte Daten 04_2010/04 LV 
> Seiten/Jungz?chter"
> Wed Mar 10 15:52:33 2010 [pid 15231] [uploaduser] FAIL MKDIR: Client 
> "195.200.70.41", "/04 LV gelieferte Daten 04_2010/04 LV 
> Seiten/Jungz?chter"
makes me think that the same session with the same commands is 
"delivered" via 2 outgoing gateways, because it would be very 
complicated to have two ftp clients issue the same command in the same 
second. Know what I mean?

By the way, vsftpd seems not to handle this situation securely, so I 
want to prevent any occurrence of it.

Dirk
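
Added example, not part of the original message: a small Python check that scans vsftpd log lines in the format quoted above and reports identical commands for one user arriving from different client IPs within one second. The function names, the one-second window and the third sample line are assumptions made for this example; the pid is reported so the reader can see which vsftpd process logged each line.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line layout taken from the two vsftpd log entries quoted in the message.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) '
    r'\[pid (?P<pid>\d+)\] \[(?P<user>[^\]]+)\] '
    r'(?P<status>OK|FAIL) (?P<cmd>[A-Z]+): Client "(?P<ip>[^"]+)"'
    r'(?:, "(?P<arg>[^"]*)")?'
)

# First two lines are the entries from the message (mail line wraps rejoined);
# the third line is constructed for this example.
SAMPLE = [
    'Wed Mar 10 15:52:33 2010 [pid 15232] [uploaduser] OK MKDIR: Client "195.200.70.40", "/04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter"',
    'Wed Mar 10 15:52:33 2010 [pid 15231] [uploaduser] FAIL MKDIR: Client "195.200.70.41", "/04 LV gelieferte Daten 04_2010/04 LV Seiten/Jungz?chter"',
    'Wed Mar 10 15:55:02 2010 [pid 15232] [uploaduser] OK MKDIR: Client "195.200.70.40", "/constructed-example-dir"',
]

def parse(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%a %b %d %H:%M:%S %Y")
    return ev

def duplicated_commands(lines, window=timedelta(seconds=1)):
    """Return (user, cmd, arg, [(ip, pid, status), ...]) for each identical
    command logged from two different client IPs within `window`."""
    groups = defaultdict(list)
    for ev in filter(None, map(parse, lines)):
        groups[(ev["user"], ev["cmd"], ev["arg"])].append(ev)
    findings = []
    for (user, cmd, arg), evs in groups.items():
        evs.sort(key=lambda e: e["ts"])  # stable: keeps log order on equal timestamps
        for a, b in zip(evs, evs[1:]):
            if a["ip"] != b["ip"] and b["ts"] - a["ts"] <= window:
                clients = [(e["ip"], e["pid"], e["status"]) for e in (a, b)]
                findings.append((user, cmd, arg, clients))
    return findings

if __name__ == "__main__":
    for user, cmd, arg, clients in duplicated_commands(SAMPLE):
        print(f"{user}: {cmd} {arg!r} seen from {clients}")
```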


