Description of problem:
tftp failures fill log files

I have configured /etc/hosts.deny as follows:

ALL EXCEPT in.tftpd: ALL: spawn (/usr/sbin/safe_finger -l @%h | \
        /bin/mail -s %d-%h root.gov) &
in.tftpd: ALL

and the relevant parts of /etc/hosts.allow as follows to allow tftp connections from cluster members:

in.tftpd: 172.16.1.1,172.16.1.2,172.16.1.3
portmap: 128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.mountd: 128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rquotad: 128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.statd: 128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
lockd: 128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.nfsd: 128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3

When an unauthorized machine tries to connect via telnet, I get one entry in the log files in /var/log. When the same machine tries to use tftp, the log files will fill ad nauseam with stuff like:

Nov 20 08:19:42 octet xinetd[1528]: FAIL: tftp libwrap from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1529 from=128.165.251.200
Nov 20 08:19:42 octet xinetd[1529]: FAIL: tftp libwrap from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1530 from=128.165.251.200
Nov 20 08:19:42 octet xinetd[1530]: FAIL: tftp libwrap from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1531 from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1531]: FAIL: tftp libwrap from=128.165.251.200
Nov 20 08:19:43 octet xinetd[30952]: START: tftp pid=1532 from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1532]: FAIL: tftp libwrap from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1533]: FAIL: tftp libwrap from=128.165.251.200

to the point of filling /var. This is not what I would expect.

Version-Release number of selected component (if applicable):
xinetd-2.3.11-1.9.0

How reproducible:
always

Steps to Reproduce:
1. set up /etc/hosts.* as above
2. try to connect from unauthorized machine via tftp
3.

Actual results:
fills /var/log/info and /var/log/secure

Expected results:
one entry in log files

Additional info:

TFTP is a UDP-based protocol, so xinetd is probably trying to kick off a new tftpd for every packet that comes in from the remote host. Nothing can be done besides perhaps changing what tcp_wrappers logs. You're on your own on that.
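
The flood described in this report can be measured from the syslog lines themselves. The following is an added example, not part of the original bug report or of xinetd/tcp_wrappers: it parses xinetd START/FAIL lines in the format shown in the report and summarizes libwrap denials per service and source, flagging per-second bursts. The log lines, host name, addresses, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format of the report's excerpt (documentation
# addresses, hypothetical host name): one telnet denial, then a tftp burst.
SAMPLE_LOG = """\
Nov 20 08:19:41 host1 xinetd[1200]: FAIL: telnet libwrap from=192.0.2.50
Nov 20 08:19:42 host1 xinetd[1528]: FAIL: tftp libwrap from=192.0.2.200
Nov 20 08:19:42 host1 xinetd[900]: START: tftp pid=1529 from=192.0.2.200
Nov 20 08:19:42 host1 xinetd[1529]: FAIL: tftp libwrap from=192.0.2.200
Nov 20 08:19:42 host1 xinetd[900]: START: tftp pid=1530 from=192.0.2.200
Nov 20 08:19:42 host1 xinetd[1530]: FAIL: tftp libwrap from=192.0.2.200
Nov 20 08:19:43 host1 xinetd[900]: START: tftp pid=1531 from=192.0.2.200
Nov 20 08:19:43 host1 xinetd[1531]: FAIL: tftp libwrap from=192.0.2.200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sxinetd\[\d+\]:\s"
    r"(?P<event>START|FAIL):\s(?P<service>\S+)\s(?P<rest>.*)$")

def parse(line):
    """Split one xinetd START/FAIL line into fields; None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    tokens = rec.pop("rest").split()
    rec["reason"] = next((t for t in tokens if "=" not in t), None)
    rec["src"] = dict(t.split("=", 1) for t in tokens if "=" in t).get("from")
    return rec

def libwrap_floods(lines, per_second_threshold=3):
    """Per (service, source): denial total, peak denials/second, server starts."""
    denials, starts = defaultdict(Counter), Counter()
    for rec in filter(None, map(parse, lines)):
        key = (rec["service"], rec["src"])
        if rec["event"] == "START":
            starts[key] += 1
        elif rec["reason"] == "libwrap":
            denials[key][rec["ts"]] += 1   # bucket by syslog's 1 s timestamp
    return {key: {"total": sum(b.values()), "peak_per_sec": max(b.values()),
                  "starts": starts[key],
                  "flood": max(b.values()) >= per_second_threshold}
            for key, b in denials.items()}

if __name__ == "__main__":
    for (svc, src), r in libwrap_floods(SAMPLE_LOG.splitlines()).items():
        tag = "FLOOD" if r["flood"] else "ok"
        print(f"{svc} from {src}: {r['total']} denials, "
              f"peak {r['peak_per_sec']}/s, {r['starts']} starts [{tag}]")
```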