[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Why is Lynx listening on port 11xx ?

From: Klaus Weide
Subject: Re: lynx-dev Why is Lynx listening on port 11xx ?
Date: Mon, 27 Nov 2000 15:51:06 -0600 (CST)

On Mon, 27 Nov 2000, David Woolley wrote:

> > I can telnet into it from a host the other side of the world. It accepts
> > connections on my non-loopback interface from any address/port combination.
> But you won't be able to do anything beyond exchange TCP SYNs.

Plus possibly send up to one window full of data?

But that data would never be read by any application.

> Lynx is generally sychronous, so, whilst the OS may return an ACK, I 
> doubt that anything will get as far as Lynx.
> > 
> > Erm, OK. Sounds extremely dodgy to me. Surely whatever FTPd implementation
> > is used on the server side, no FTP client (including Lynx) should be sitting
> > there listening to and accepting any incoming connections from any address
> > and any port after all data had been received and the control connection had
> > been closed ? 
> That sounds reasonable, but I don't think the threat is as great as you
> imagine.

Agreed.  I don't know of any *threat* in the behavior.

> > At the very least, if there _is_ a broken FTPd out there that requires a
> > client to do this, 

(there isn't... see below)

> > shouldn't the client make sure that it only accepts
> > connections from the IP of the FTP server it was talking to ?

The client (lynx) in fact is even more picky than you ask for -
it doesn't "accept" connections from *any* IP.  It just hasn't
told the OS yet that it doesn't want to accept anything on that
port any more.

> I'm only half remembering the story, but it is one of the major Unix
> ftp servers and the authors insist that their interpretation of the spec
> is correct.  I can't remember the details, and it could even be opposite
> hehaviour from that observed, but issue was to do with when data connections
> get established and what happens when recycling a connection.

I think you are referring to some discussions with one of the WU-FTPD
authors.  If so, those were not really related to the behavior in
question, as far as I remember.  In those discussions nobody argued
for (*or* against) keeping a listening socket around after it had already
done its job.


; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]