On Fri, Feb 02, 2001 at 05:50:29PM -0600, Tanner, Robby wrote:
> Well, I just found the following lines in the log and shut down my server.
> What caused this?
> Why would 204.112.40.3 being trying to connect to itself?
>
> Feb 2 14:53:07 weisktsv03 kernel: Packet log: input DENY lo PROTO=6
> 204.112.40.
> 3:1026 204.112.40.3:21 L=60 S=0x00 I=13145 F=0x4000 T=64 SYN (#12)
> Feb 2 14:53:10 weisktsv03 kernel: Packet log: input DENY lo PROTO=6
> 204.112.40.
> 3:1026 204.112.40.3:21 L=60 S=0x00 I=13146 F=0x4000 T=64 SYN (#12)
> Feb 2 14:53:22 weisktsv03 inetd[3748]: execv /usr/sbin/in.identd: No such
> file
> or directory
>
Looks like it or something it NAT'ed is trying to connect to the FTP service.
You also appear to not have identd installed but are using the default Red Hat inetd
configuration. Go through and comment everything in /etc/inetd.conf that you don't
need to have running, especially all the r* services. In fact if you can avoid
needing inetd in the first place (use SSH over telnet for admin). I think Scott has
written some apps that require inetd but most of the services there are available in
some more secure form (ssh or kerberized rsh over regular rsh, kerberized telnet over
regular telnet, etc.).
Also, some applications or sites may require identd. There are identd servers
available that just send dummy responses so that they don't divulge anything about
local user accounts.
Dave H.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
