Somebody floods my system with requests every night. I have the ntalkd
refused through tcp wrappers, but I would like to turn user info over to
the sys admin at that site. I installed pidentd 2.7.4, but how do I
identify the specific user on that system who is sending the ntalkd
requests?
The identd logs to /var/adm/syslog.dated/<date>/daemon.log but entries
there do not match the times of the refused requests, and do not seem to
indicate user id.
Should I be doing or using something else?
Thanks.
entry from daemon.log:
Dec 16 15:03:46 robles identd[28941]: Connection from 144.80.128.6
Dec 16 15:03:46 robles identd[28941]: from: 144.80.128.6 ( 144.80.128.6
) for: 2
572, 25
Config of pidentd from inetd.conf:
#identd server
ident stream tcp wait root /usr/sbin/identd identd -w
-t120 -l -n -o
Typical refused ntalkd session (several hundred per day):
Dec 16 20:26:26 robles ntalkd[13281]: refused connect from
oak.grove.iup.edu
Received on Wed Dec 17 1997 - 20:51:13 NZDT