Bug 110514 - tftp connect failures fill log files
tftp connect failures fill log files
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: tftp (Show other bugs)
9
All Linux
medium Severity medium
: ---
: ---
Assigned To: Elliot Lee
David Lawrence
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-11-20 11:42 EST by rick rauenzahn
Modified: 2007-04-18 12:59 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-12-17 15:08:38 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description rick rauenzahn 2003-11-20 11:42:24 EST
Description of problem: tftp failures fill log files

i have  configured /etc/hosts.deny as follows:

ALL EXCEPT in.tftpd: ALL: spawn (/usr/sbin/safe_finger -l @%h | \
     /bin/mail -s %d-%h root@octet.lanl.gov) &
in.tftpd: ALL

and the relevant parts of /etc/hosts.allow as follows to allow tftp 
connections from cluster members:

in.tftpd: 172.16.1.1,172.16.1.2,172.16.1.3
portmap:     128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.mountd:  128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rquotad:     128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.statd:   128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
lockd:       128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.nfsd:    128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3

when an unauthorized machine tries to connect via telnet, i get one 
entry in the log files in /var/log.  when the same machine tries to 
use tftp, the log files will fill ad nauseum with stuff like:


Nov 20 08:19:42 octet xinetd[1528]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1529 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[1529]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1530 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[1530]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1531 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1531]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[30952]: START: tftp pid=1532 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1532]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1533]: FAIL: tftp libwrap 
from=128.165.251.200

to the point of filling /var.  this is not what i would expect.

Version-Release number of selected component (if applicable):
xinetd-2.3.11-1.9.0


How reproducible:always


Steps to Reproduce:
1.set up /etc/hosts.* as above
2.try to connect from unauthorized machine via tftp
3.
  
Actual results: fills /var/log/info and /var/log/secure


Expected results: one entry in log files


Additional info:
Comment 1 Elliot Lee 2003-12-17 15:08:38 EST
TFTP is a UDP-based protocol, so xinetd is probably trying to kick off
a new tftpd for every packet that comes in from the remote host.

Nothing can be done besides perhaps changing what tcp_wrappers logs.
You're on your own on that.

Note You need to log in before you can comment on or make changes to this bug.