Bug 110514 - tftp connect failures fill log files
Summary: tftp connect failures fill log files
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tftp
Version: 9
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Elliot Lee
QA Contact: David Lawrence
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-11-20 16:42 UTC by rick rauenzahn
Modified: 2007-04-18 16:59 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-12-17 20:08:38 UTC
Embargoed:

Attachments (Terms of Use)

Description rick rauenzahn 2003-11-20 16:42:24 UTC 
Description of problem: tftp failures fill log files

i have  configured /etc/hosts.deny as follows:

ALL EXCEPT in.tftpd: ALL: spawn (/usr/sbin/safe_finger -l @%h | \
     /bin/mail -s %d-%h root.gov) &
in.tftpd: ALL

and the relevant parts of /etc/hosts.allow as follows to allow tftp 
connections from cluster members:

in.tftpd: 172.16.1.1,172.16.1.2,172.16.1.3
portmap:     128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.mountd:  128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rquotad:     128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.statd:   128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
lockd:       128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3
rpc.nfsd:    128.165.23.,128.165.59.,172.16.1.1,172.16.1.2,172.16.1.3

when an unauthorized machine tries to connect via telnet, i get one 
entry in the log files in /var/log.  when the same machine tries to 
use tftp, the log files will fill ad nauseum with stuff like:


Nov 20 08:19:42 octet xinetd[1528]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1529 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[1529]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1530 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[1530]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:42 octet xinetd[30952]: START: tftp pid=1531 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1531]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[30952]: START: tftp pid=1532 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1532]: FAIL: tftp libwrap 
from=128.165.251.200
Nov 20 08:19:43 octet xinetd[1533]: FAIL: tftp libwrap 
from=128.165.251.200

to the point of filling /var.  this is not what i would expect.

Version-Release number of selected component (if applicable):
xinetd-2.3.11-1.9.0


How reproducible:always


Steps to Reproduce:
1.set up /etc/hosts.* as above
2.try to connect from unauthorized machine via tftp
3.
  
Actual results: fills /var/log/info and /var/log/secure


Expected results: one entry in log files


Additional info:
Comment 1 Elliot Lee 2003-12-17 20:08:38 UTC 
TFTP is a UDP-based protocol, so xinetd is probably trying to kick off
a new tftpd for every packet that comes in from the remote host.

Nothing can be done besides perhaps changing what tcp_wrappers logs.
You're on your own on that.
Note You need to log in before you can comment on or make changes to this bug.