author | joshd <joshd@cvs.openbsd.org> | 1996-07-28 05:13:20 +0000 |
---|---|---|
committer | joshd <joshd@cvs.openbsd.org> | 1996-07-28 05:13:20 +0000 |
commit | 0c712494a144b27a880799b0cd79be293f092185 (patch) | |
tree | e639e10bcfb0abc4dbf9a90512a9279855f9a5d6 /usr.sbin | |
parent | 0a66eee12b9cc1b7d3d550235f37dd012b5d30f1 (diff) |
Do not allow hosts to connect to servers from
source ports < IPPORT_RESERVED/2. This is for ftp bounce attacks,
Diffstat (limited to 'usr.sbin')
-rw-r--r-- | usr.sbin/inetd/inetd.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/usr.sbin/inetd/inetd.c b/usr.sbin/inetd/inetd.c
index d854d591cd0..b3963bc1f79 100644
--- a/usr.sbin/inetd/inetd.c
+++ b/usr.sbin/inetd/inetd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: inetd.c,v 1.6 1996/06/29 01:02:24 deraadt Exp $ */
+/* $OpenBSD: inetd.c,v 1.7 1996/07/28 05:13:19 joshd Exp $ */
 /* $NetBSD: inetd.c,v 1.11 1996/02/22 11:14:41 mycroft Exp $ */
 /*
 * Copyright (c) 1983,1991 The Regents of the University of California.
@@ -41,7 +41,7 @@ char copyright[] =
 #ifndef lint
 /*static char sccsid[] = "from: @(#)inetd.c 5.30 (Berkeley) 6/3/91";*/
-static char rcsid[] = "$OpenBSD: inetd.c,v 1.6 1996/06/29 01:02:24 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: inetd.c,v 1.7 1996/07/28 05:13:19 joshd Exp $";
 #endif /* not lint */
 /*
@@ -275,8 +275,9 @@ main(argc, argv, envp)
 register struct group *grp;
 register int tmpint;
 struct sigvec sv;
- int ch, pid, dofork;
+ int ch, pid, dofork, plen;
 char buf[50];
+ struct sockaddr_in peer;
 Argv = argv;
 if (envp == 0 || *envp == 0)
@@ -380,6 +381,16 @@ main(argc, argv, envp)
 sep->se_service);
 continue;
 }
+ plen = sizeof(peer);
+ if (getpeername(ctrl, (struct sockaddr *)&peer, &plen) < 0)
+ { syslog(LOG_WARNING, "could not getpeername");
+ continue;
+ }
+ if (ntohs(peer.sin_port) == 20)
+ { syslog(LOG_INFO, "Connect to %s from port %d",
+ sep->se_service, ntohs(peer.sin_port));
+ continue;
+ }
 } else
 ctrl = sep->se_fd;
 (void) sigblock(SIGBLOCK); |
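Review bot: Both new rejection paths in the last hunk (`@@ -380,6 +381,16 @@`) reach `continue;` without releasing `ctrl`, which appears to be the descriptor returned by the accept() call just above the hunk. If so, every refused connection leaves an open socket in inetd and a peer that is never disconnected, so repeated refusals could exhaust descriptors. I would put `close(ctrl);` before each of the two new `continue;` statements. Separately, the test `ntohs(peer.sin_port) == 20` refuses only the ftp-data source port, while the commit message describes ports below `IPPORT_RESERVED/2`. Either the comparison or the message should change, and a comment such as `/* refuse connections sourced from ftp-data (20): FTP bounce */` would record the intent. The enclosing main() starts and ends outside the hunk.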