Operating System - HP-UX

ftpd 'refused' messages in syslog

Brad Marks
Super Advisor

Running 10.20 on a k-420.
I've begun getting this repeating message in syslog at 20 min. after each hour. Any help in making this go away would be greatly appreciated.
Thanks!
Aug 17 02:20:29 fki ftpd[1113]: refused PORT 208,253,206,240,4,129
Aug 17 02:21:29 fki ftpd[1194]: refused PORT 208,253,206,240,4,130
Aug 17 02:22:29 fki ftpd[1241]: refused PORT 208,253,206,240,4,133
Aug 17 02:23:29 fki ftpd[1315]: refused PORT 208,253,206,240,4,134
Aug 17 03:20:29 fki ftpd[4084]: refused PORT 208,253,206,240,4,220
Aug 17 03:21:28 fki ftpd[4097]: refused PORT 208,253,206,240,4,221
Aug 17 03:22:28 fki ftpd[4172]: refused PORT 208,253,206,240,4,222
Aug 17 03:23:29 fki ftpd[4222]: refused PORT 208,253,206,240,4,223
Aug 17 04:20:28 fki ftpd[7076]: refused PORT 208,253,206,240,5,30
Aug 17 04:21:28 fki ftpd[7100]: refused PORT 208,253,206,240,5,31
Aug 17 04:22:28 fki ftpd[7110]: refused PORT 208,253,206,240,5,32
Aug 17 04:23:29 fki ftpd[7222]: refused PORT 208,253,206,240,5,35
Aug 17 05:20:29 fki ftpd[9868]: refused PORT 208,253,206,240,5,151
Aug 17 05:21:28 fki ftpd[9941]: refused PORT 208,253,206,240,5,152
Aug 17 05:22:28 fki ftpd[9951]: refused PORT 208,253,206,240,5,155
Aug 17 05:23:28 fki ftpd[10062]: refused PORT 208,253,206,240,5,156
It's not impossible -- it'll just cost more...
Brian Bergstrand
Honored Contributor

Re: ftpd 'refused' messages in syslog

Someone is connecting to your server and sending a PORT command to setup the data connection. PORT consists of the 4 bytes of an IP address (208.253.206.240) and the two bytes of a port number.

This shell command will give you the port number by substituting X and Y with the last two numbers respectively.

echo $(( ($X<<8) + $Y ))

So the first port number would be:

echo $(( (4<<8) + 129 ))
1153

Your server is refusing the PORT commands for some reason. Most likely the PORT address is different from the host that made the connection. This will cause the server to reject the PORT command since someone could be trying to do something nasty (or they are behind a stupid NAT firewall). Your server may also be configured to not allow certain addresses.

If you are using WU-FTPD (which I think is the default in 11i - or maybe a patch) then check out the following config commands. They should allow you to accept different PORT addresses; if that is what you really want.

passive address
passive ports
pasv-allow
port-allow

HTH.
Brad Marks
Super Advisor

Re: ftpd 'refused' messages in syslog

I found the solution to this! Only took two years!

In /etc/inetd.conf, where the ftp service is started as ftpd, I added the -p argument. So the line looks like this:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -p

Thought someone might like to know one day...

Thanks,
Brad
It's not impossible -- it'll just cost more...
Alan Meyer_4
Respected Contributor

Re: ftpd 'refused' messages in syslog

Brad, thanks for the update... I'd give you points... but, ummm, this is your message... :)
" I may not be certified, but I am certifiable... "
Alex Lavrov.
Honored Contributor

Re: ftpd 'refused' messages in syslog

Hmm, how and why does it solve the problem?
Don't have HPUX box right now to "man ftpd" :)
I don't give a damn for a man that can only spell a word one way. (M. Twain)
Brad Marks
Super Advisor

Re: ftpd 'refused' messages in syslog

Alex,
As per the man page for ftpd:
-p The default action of ftpd does not allow usage of
reserved ports as the originating port on the
client's system i.e., the PORT command cannot
specify a reserved port. This option allows the
client to specify a reserved port. Note, allowing
usage of reserved ports can result in the misuse
of ftpd. The security ramifications should be
understood before the option is turned on.


Thanks, Alex, for helping this post to be more helpful.

Brad
It's not impossible -- it'll just cost more...
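A decoder and triage pass for these syslog lines, added here as an example (it is not code from the thread, from HP-UX or from WU-FTPD). It does the h1,h2,h3,h4,p1,p2 arithmetic from Brian's reply for every "refused PORT" line and then applies the two refusal rules the thread mentions: the reserved-port rule that the -p man page text describes (a data port below 1024) and a mismatch between the PORT address and the address the client connected from. The peer address 208.253.206.240 passed to it is an assumption, since the ftpd syslog line does not record where the control connection came from; the first five sample lines copy the thread's excerpt and the last two are constructed to trigger each rule.

```python
"""Decode and triage 'ftpd[pid]: refused PORT h1,h2,h3,h4,p1,p2' syslog lines."""
import re
from ipaddress import IPv4Address

# Ports 0..1023 are the "reserved" (privileged) range the ftpd man page refers to.
RESERVED_PORT_MAX = 1023

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) ftpd\[(?P<pid>\d+)\]: refused PORT (?P<arg>[\d,]+)$"
)


def decode_port(arg):
    """Turn the RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' into ('h1.h2.h3.h4', p1*256+p2).

    Every field is an 8-bit decimal number, so a field outside 0..255 or a field
    count other than six is rejected rather than silently producing a bogus endpoint.
    """
    fields = arg.split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields: %r" % arg)
    nums = []
    for f in fields:
        if not f.isdigit():
            raise ValueError("non-numeric PORT field: %r" % arg)
        n = int(f)
        if n > 255:
            raise ValueError("PORT field out of 8-bit range: %r" % arg)
        nums.append(n)
    ip = str(IPv4Address(".".join(str(n) for n in nums[:4])))
    port = (nums[4] << 8) + nums[5]  # the same arithmetic as the shell one-liner above
    return ip, port


def encode_port(ip, port):
    """Inverse of decode_port: build the PORT argument a client would send for ip:port."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    octets = str(IPv4Address(ip)).split(".")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def triage(ip, port, peer_ip=None):
    """Return the default refusal rules that apply to this PORT (empty list if none)."""
    flags = []
    if port <= RESERVED_PORT_MAX:
        flags.append("reserved-port")     # the check that the -p option relaxes
    if peer_ip is not None and ip != str(IPv4Address(peer_ip)):
        flags.append("address-mismatch")  # data connection would go to a third host
    return flags


def analyze(log_text, peer_ip=None):
    """Parse every 'refused PORT' line and attach the decoded endpoint and triage flags."""
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a refused-PORT line; skip it
        ip, port = decode_port(m.group("arg"))
        results.append({
            "ts": m.group("ts"),
            "pid": int(m.group("pid")),
            "ip": ip,
            "port": port,
            "flags": triage(ip, port, peer_ip),
        })
    return results


# Constructed sample: the first five lines copy the thread's excerpt; the last two are
# made up to exercise the reserved-port (0,21 -> port 21) and address-mismatch rules.
SAMPLE_LOG = """\
Aug 17 02:20:29 fki ftpd[1113]: refused PORT 208,253,206,240,4,129
Aug 17 02:21:29 fki ftpd[1194]: refused PORT 208,253,206,240,4,130
Aug 17 02:22:29 fki ftpd[1241]: refused PORT 208,253,206,240,4,133
Aug 17 02:23:29 fki ftpd[1315]: refused PORT 208,253,206,240,4,134
Aug 17 04:20:28 fki ftpd[7076]: refused PORT 208,253,206,240,5,30
Aug 17 06:20:28 fki ftpd[9991]: refused PORT 208,253,206,240,0,21
Aug 17 06:21:28 fki ftpd[9992]: refused PORT 10,0,0,5,4,129
"""

if __name__ == "__main__":
    # Assumed peer: the control connection is taken to come from 208.253.206.240.
    for r in analyze(SAMPLE_LOG, peer_ip="208.253.206.240"):
        print("%s pid=%d -> %s:%d %s" % (
            r["ts"], r["pid"], r["ip"], r["port"],
            ",".join(r["flags"]) or "no default rule matched"))
```

Run over the thread's own five lines, the decoder gives ports 1153, 1154, 1157, 1158 and 1310, all above 1023, so the excerpt by itself does not show a request for a reserved port, and without the client's source address the log cannot tell the two rules apart. That is worth establishing (for example from inetd or tcpd connection logging) before relaxing the check with -p: once -p is on, a client can point the server's data connection at a privileged port on the address it names, which is the misuse the man page warns about.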
Alex Lavrov.
Honored Contributor

Re: ftpd 'refused' messages in syslog

OK, thanks!

(zero points plz:) )
I don't give a damn for a man that can only spell a word one way. (M. Twain)