[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Why is Lynx listening on port 11xx ?

From: David Woolley
Subject: Re: lynx-dev Why is Lynx listening on port 11xx ?
Date: Mon, 27 Nov 2000 20:14:54 +0000 (GMT)

> I can telnet into it from a host the other side of the world. It accepts
> connections on my non-loopback interface from any address/port combination.

But you won't be able to do anything beyond exchange TCP SYNs.

Lynx is generally sychronous, so, whilst the OS may return an ACK, I 
doubt that anything will get as far as Lynx.

> Erm, OK. Sounds extremely dodgy to me. Surely whatever FTPd implementation
> is used on the server side, no FTP client (including Lynx) should be sitting
> there listening to and accepting any incoming connections from any address
> and any port after all data had been received and the control connection had
> been closed ? 

That sounds reasonable, but I don't think the threat is as great as you

> At the very least, if there _is_ a broken FTPd out there that requires a
> client to do this, shouldn't the client make sure that it only accepts
> connections from the IP of the FTP server it was talking to ?

I'm only half remembering the story, but it is one of the major Unix
ftp servers and the authors insist that their interpretation of the spec
is correct.  I can't remember the details, and it could even be opposite
hehaviour from that observed, but issue was to do with when data connections
get established and what happens when recycling a connection.

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]