Wasn't tcplogd itself a security risk? I think it was on the debian-security mailing list...
Regards, Onno At 11:07 PM 2/13/00 -0500, Mark Lynn wrote: >I have two machines running Corel Linux 1.0 (not sure which debain >release this corresponds to) and am having difficulty with >one or possibly both of them. The one machine, named kovu, >started responding with "Resource temporarily unavailable" messages >when I tried to perform most any task from a shell. Upon further >investigation, I noticed that it was swamped with sleeping tcplogd >processes. The daemon log was full of messages of the form > >"tcplogd: port 832 connection attempt from [EMAIL PROTECTED]" > >and also > >"tcplogd: port 832 connection attempt from [EMAIL PROTECTED]" > >where meeko is my other linux box. > > >Inspection of meeko's logs showed tons of messages of the form > >"tcplogd: auth connection attempt from kovu.sabado.com" > > >On kovu, I restarted iplogger and all the sleeping tcplogd's went away. >However, every 5-15 minutes a new one is added and I assume they will >eventually chew up all available processes. There are no extra instances >of tcplogd on meeko. > >Obviously, I've screwed something up somewhere, but don't know what. >Any guess as to what's going on? Is there any particular significance >to port 832? I didn't see it listed in the services. What on meeko could >be attempting to open this port? Further, why does tcplogd keep spawning >new processes that don't go away? > >I realize that iplogger is being replaced, but would really like to >understand >this problem before I explore upgrading packages. > >Thanks for any help. > > >Mark Lynn >Sabado Technologies >[EMAIL PROTECTED] > > >-- >Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > > >
