SUMMARY: Daemon.log with "ttloop: peer died: Not owner" messages from Marcelo Fiuza on 2001-03-27 (tru64-unix-managers)

From: Marcelo Fiuza <marcelo.fiuza_at_intelig.net.br>
Date: Mon, 26 Mar 2001 13:37:01 -0300

Well,

The software "What´up Gold" was running on a PC connected to the
network. It was trying to connect and disconnecting
immediately after. Thanks Robert Mulley [Robert.Mulley_at_unilever.com],
Bill.Melvin_at_esc.edu, Derk Tegeler [derk.tegeler_at_cmg.nl] and Phil
Baldwin [baldwinp_at_eurodis.com]

<<RE: Daemon.log with \"ttloop: peer died: Not owner\" messages>> <<Re:
Daemon.log with "ttloop: peer died: Not owner" messages>> <<RE: Daemon.log
with "ttloop: peer died: Not owner" messages>> <<RE: Daemon.log with
"ttloop: peer died: Not owner" messages>>

MARCELO FIUZA
___________________________________________
* E-mail : marcelo.fiuza_at_intelig.net.br

attached mail follows:

Hello,

Do you have any kind of monitoring programs running on your network. We
used to get a similar thing from a monitoring program called "What's Up".
The checks that it performed caused these messages. As you can see the
messages occur every 5 seconds so there must be something out there
monitoring your box.

I don't know how to stop it short of not monitoring anymore.

Robert Mulley
Unix Admin

-----Original Message-----
From: Marcelo Fiuza [SMTP:marcelo.fiuza_at_intelig.net.br]
Sent: 26 March 2001 14:26
To: tru64-unix-managers_at_ornl.gov
Subject: Daemon.log with "ttloop: peer died: Not owner" messages


Gurus,
        Daemon.log file is receiving a lot of "ttloop: peer died: Not
owner" messages. The system is running well, but I´m sure it´s not normal.
How do I solve this problem ?!?
        Info1 : I did Shutdown the system yesterday ... I thought it
would solve the problem, but it didn´t.
        Info2 : It´s a Alpha 4100 running Tru64 4.0 D

Here comes the examples ...
/usr/var/adm/syslog.dated/25-Mar-12:47>ps -edf|grep telnetd
root 878 541 0.0 10:09:17 ?? 0:00.02 telnetd
root 11499 541 0.0 09:26:37 ?? 0:00.03 telnetd
root 15239 541 0.0 09:35:42 ?? 0:00.04 telnetd
root 15846 541 0.0 15:07:11 ?? 0:00.03 telnetd
root 22198 541 0.0 06:39:03 ?? 0:00.03 telnetd
root 24598 541 0.0 08:49:44 ?? 0:00.27 telnetd
root 24691 541 0.0 09:54:38 ?? 0:00.03 telnetd
root 26336 541 0.0 08:55:43 ?? 0:00.14 telnetd
root 27064 541 0.0 09:56:11 ?? 0:00.62 telnetd
root 30133 541 0.0 10:02:51 ?? 0:00.07 telnetd
root 1985 26278 0.0 10:10:54 ttyp7 0:00.01 grep telnetd
/usr/var/adm/syslog.dated/25-Mar-12:47>cat daemon.log|tail -10
Mar 26 10:10:14 smp1 telnetd[426]: ttloop: peer died: Not owner
Mar 26 10:10:19 smp1 telnetd[1371]: ttloop: peer died: Not owner
Mar 26 10:10:24 smp1 telnetd[1919]: ttloop: peer died: Not owner
Mar 26 10:10:29 smp1 telnetd[1745]: ttloop: peer died: Not owner
Mar 26 10:10:34 smp1 telnetd[935]: ttloop: peer died: Not owner
Mar 26 10:10:39 smp1 telnetd[683]: ttloop: peer died: Not owner
Mar 26 10:10:44 smp1 telnetd[1723]: ttloop: peer died: Not owner
Mar 26 10:10:49 smp1 telnetd[1143]: ttloop: peer died: Not owner
Mar 26 10:10:54 smp1 telnetd[1797]: ttloop: peer died: Not owner
Mar 26 10:10:59 smp1 telnetd[1717]: ttloop: peer died: Not owner
/usr/var/adm/syslog.dated/25-Mar-12:47>uptime
10:25 up 21:40, 14 users, load average: 1.06, 0.98, 1.08

Thanks in advance ...

Marcelo Fiuza
marcelo.fiuza_at_intelig.net.br

attached mail follows:

Marcelo,

hi ... usually you see this when you are being portscanned
or something automated is trying to connect and disconnecting
immediately after. The 5 second interval is suspicious as well.

Do you know of anything on your network that would try to
connect every 5 seconds? Is someone on your network doing
a scan sweep and didnt tell you about it? Is telnet from
outside your network allowed by your border routers?

Anyway, this is not something I would take lightly until I
knew what was trying to connect.

/Bill

Marcelo Fiuza <marcelo.fiuza_at_intelig.net.br>_at_ornl.gov on 03/26/2001
08:55:53 AM

Sent by: tru64-unix-managers-owner_at_ornl.gov Bill.Melvin_at_esc.edu

To: tru64-unix-managers_at_ornl.gov
cc:

Subject: Daemon.log with "ttloop: peer died: Not owner" messages

Gurus,

 Daemon.log file is receiving a lot of "ttloop: peer died: Not
owner" messages. The system is running well, but I´m sure it´s not normal.
How do I solve this problem ?!?

 Info1 : I did Shutdown the system yesterday ... I thought it would
solve the problem, but it didn´t.
 Info2 : It´s a Alpha 4100 running Tru64 4.0 D

Here comes the examples ...

/usr/var/adm/syslog.dated/25-Mar-12:47>ps -edf|grep telnetd
root 878 541 0.0 10:09:17 ?? 0:00.02 telnetd
root 11499 541 0.0 09:26:37 ?? 0:00.03 telnetd
root 15239 541 0.0 09:35:42 ?? 0:00.04 telnetd
root 15846 541 0.0 15:07:11 ?? 0:00.03 telnetd
root 22198 541 0.0 06:39:03 ?? 0:00.03 telnetd
root 24598 541 0.0 08:49:44 ?? 0:00.27 telnetd
root 24691 541 0.0 09:54:38 ?? 0:00.03 telnetd
root 26336 541 0.0 08:55:43 ?? 0:00.14 telnetd
root 27064 541 0.0 09:56:11 ?? 0:00.62 telnetd
root 30133 541 0.0 10:02:51 ?? 0:00.07 telnetd
root 1985 26278 0.0 10:10:54 ttyp7 0:00.01 grep telnetd

/usr/var/adm/syslog.dated/25-Mar-12:47>cat daemon.log|tail -10
Mar 26 10:10:14 smp1 telnetd[426]: ttloop: peer died: Not owner
Mar 26 10:10:19 smp1 telnetd[1371]: ttloop: peer died: Not owner
Mar 26 10:10:24 smp1 telnetd[1919]: ttloop: peer died: Not owner
Mar 26 10:10:29 smp1 telnetd[1745]: ttloop: peer died: Not owner
Mar 26 10:10:34 smp1 telnetd[935]: ttloop: peer died: Not owner
Mar 26 10:10:39 smp1 telnetd[683]: ttloop: peer died: Not owner
Mar 26 10:10:44 smp1 telnetd[1723]: ttloop: peer died: Not owner
Mar 26 10:10:49 smp1 telnetd[1143]: ttloop: peer died: Not owner
Mar 26 10:10:54 smp1 telnetd[1797]: ttloop: peer died: Not owner
Mar 26 10:10:59 smp1 telnetd[1717]: ttloop: peer died: Not owner

/usr/var/adm/syslog.dated/25-Mar-12:47>uptime
10:25 up 21:40, 14 users, load average: 1.06, 0.98, 1.08

Thanks in advance ...

Marcelo Fiuza
marcelo.fiuza_at_intelig.net.br

attached mail follows:

Message-ID: <11A760648FE3D211BE5200A0C9F2A194E1654A_at_NL-ENS-MAIL01>
From: Derk Tegeler <derk.tegeler_at_cmg.nl>
To: Marcelo Fiuza <marcelo.fiuza_at_intelig.net.br>
Subject: RE: Daemon.log with "ttloop: peer died: Not owner" messages
Date: Mon, 26 Mar 2001 10:37:49 -0300
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: multipart/alternative;
 boundary="----_=_NextPart_003_01C0B612.FB818590"

------_=_NextPart_003_01C0B612.FB818590
Content-Type: text/plain;
 charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Could be a routing problem, where the opening of the TCP connection cannot
complete. SYN comes in but SYN, ACK cannot reach the peer. Check for
SYN_RCVD stat of connections with netstat command.
SYN<-
SYN->ACK->
ACK->

-----Original Message-----
From: Marcelo Fiuza [mailto:marcelo.fiuza_at_intelig.net.br]
Sent: Monday, March 26, 2001 15:26
To: tru64-unix-managers_at_ornl.gov
Subject: Daemon.log with "ttloop: peer died: Not owner" messages

Gurus,

 Daemon.log file is receiving a lot of "ttloop: peer died: Not
owner" messages. The system is running well, but I´m sure it´s not normal.
How do I solve this problem ?!?

 Info1 : I did Shutdown the system yesterday ... I thought it would
solve the problem, but it didn´t.
 Info2 : It´s a Alpha 4100 running Tru64 4.0 D

Here comes the examples ...

/usr/var/adm/syslog.dated/25-Mar-12:47>ps -edf|grep telnetd
root 878 541 0.0 10:09:17 ?? 0:00.02 telnetd
root 11499 541 0.0 09:26:37 ?? 0:00.03 telnetd
root 15239 541 0.0 09:35:42 ?? 0:00.04 telnetd
root 15846 541 0.0 15:07:11 ?? 0:00.03 telnetd
root 22198 541 0.0 06:39:03 ?? 0:00.03 telnetd
root 24598 541 0.0 08:49:44 ?? 0:00.27 telnetd
root 24691 541 0.0 09:54:38 ?? 0:00.03 telnetd
root 26336 541 0.0 08:55:43 ?? 0:00.14 telnetd
root 27064 541 0.0 09:56:11 ?? 0:00.62 telnetd
root 30133 541 0.0 10:02:51 ?? 0:00.07 telnetd
root 1985 26278 0.0 10:10:54 ttyp7 0:00.01 grep telnetd

/usr/var/adm/syslog.dated/25-Mar-12:47>cat daemon.log|tail -10
Mar 26 10:10:14 smp1 telnetd[426]: ttloop: peer died: Not owner
Mar 26 10:10:19 smp1 telnetd[1371]: ttloop: peer died: Not owner
Mar 26 10:10:24 smp1 telnetd[1919]: ttloop: peer died: Not owner
Mar 26 10:10:29 smp1 telnetd[1745]: ttloop: peer died: Not owner
Mar 26 10:10:34 smp1 telnetd[935]: ttloop: peer died: Not owner
Mar 26 10:10:39 smp1 telnetd[683]: ttloop: peer died: Not owner
Mar 26 10:10:44 smp1 telnetd[1723]: ttloop: peer died: Not owner
Mar 26 10:10:49 smp1 telnetd[1143]: ttloop: peer died: Not owner
Mar 26 10:10:54 smp1 telnetd[1797]: ttloop: peer died: Not owner
Mar 26 10:10:59 smp1 telnetd[1717]: ttloop: peer died: Not owner

/usr/var/adm/syslog.dated/25-Mar-12:47>uptime
10:25 up 21:40, 14 users, load average: 1.06, 0.98, 1.08

Thanks in advance ...

Marcelo Fiuza
marcelo.fiuza_at_intelig.net.br

------_=_NextPart_003_01C0B612.FB818590
Content-Type: text/html;
 charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12">
<TITLE>RE: Daemon.log with "ttloop: peer died: Not owner" messages</TITLE>
</HEAD>
<BODY>

Could be a routing problem, where the opening of the TCP connection cannot
 complete. SYN comes in but SYN, ACK cannot reach the peer. Check for
 SYN_RCVD stat of connections with netstat command.
 SYN<-
 SYN->ACK->
 ACK->


-----Original Message-----
 From: Marcelo Fiuza [<A HREF="mailto:marcelo.fiuza_at_intelig.net.br">mailto:marcelo.fiuza_at_intelig.net.br</A>]
 Sent: Monday, March 26, 2001 15:26
 To: tru64-unix-managers_at_ornl.gov
 Subject: Daemon.log with "ttloop: peer died: Not owner" messages

 
 

Gurus, 


        Daemon.log file is receiving a lot of "ttloop:  peer died: Not
 owner" messages. The system is running well, but I´m sure it´s not normal.
 How do I solve this problem ?!?


        Info1 : I did Shutdown the system yesterday ...  I thought it would
 solve the problem, but it didn´t. 
         Info2 : It´s a Alpha 4100 running Tru64 4.0 D 

 
 

Here comes the examples ... 


/usr/var/adm/syslog.dated/25-Mar-12:47>ps -edf|grep telnetd 
 root        878    541  0.0 10:09:17 ??           0:00.02 telnetd 
 root      11499    541  0.0 09:26:37 ??           0:00.03 telnetd 
 root      15239    541  0.0 09:35:42 ??           0:00.04 telnetd 
 root      15846    541  0.0 15:07:11 ??           0:00.03 telnetd 
 root      22198    541  0.0 06:39:03 ??           0:00.03 telnetd 
 root      24598    541  0.0 08:49:44 ??           0:00.27 telnetd 
 root      24691    541  0.0 09:54:38 ??           0:00.03 telnetd 
 root      26336    541  0.0 08:55:43 ??           0:00.14 telnetd 
 root      27064    541  0.0 09:56:11 ??           0:00.62 telnetd 
 root      30133    541  0.0 10:02:51 ??           0:00.07 telnetd 
 root       1985  26278  0.0 10:10:54 ttyp7        0:00.01 grep telnetd 


/usr/var/adm/syslog.dated/25-Mar-12:47>cat daemon.log|tail -10 
 Mar 26 10:10:14 smp1 telnetd[426]: ttloop:  peer died: Not owner 
 Mar 26 10:10:19 smp1 telnetd[1371]: ttloop:  peer died: Not owner 
 Mar 26 10:10:24 smp1 telnetd[1919]: ttloop:  peer died: Not owner 
 Mar 26 10:10:29 smp1 telnetd[1745]: ttloop:  peer died: Not owner 
 Mar 26 10:10:34 smp1 telnetd[935]: ttloop:  peer died: Not owner 
 Mar 26 10:10:39 smp1 telnetd[683]: ttloop:  peer died: Not owner 
 Mar 26 10:10:44 smp1 telnetd[1723]: ttloop:  peer died: Not owner 
 Mar 26 10:10:49 smp1 telnetd[1143]: ttloop:  peer died: Not owner 
 Mar 26 10:10:54 smp1 telnetd[1797]: ttloop:  peer died: Not owner 
 Mar 26 10:10:59 smp1 telnetd[1717]: ttloop:  peer died: Not owner 


/usr/var/adm/syslog.dated/25-Mar-12:47>uptime 
 10:25  up 21:40,  14 users,  load average: 1.06, 0.98, 1.08 

 
 

Thanks in advance ... 

 

Marcelo Fiuza 
 marcelo.fiuza_at_intelig.net.br 

 
 
 
 
 
 
 

</BODY>
</HTML>
------_=_NextPart_003_01C0B612.FB818590--

attached mail follows:

Hi,

I've seen a similar thing that was caused when one of our users was
using a piece of software that connected to the telnet port to check system
availability. I was able to track down the source IP address using tcpdump
command in Tru64. Can't remember the syntax though - it's in the man pages.
Hope this helps...

Thanks and Regards.

Phil

> -----Original Message-----
> From: Marcelo Fiuza [SMTP:marcelo.fiuza_at_intelig.net.br]
> Sent: 26 March 2001 14:26
> To: tru64-unix-managers_at_ornl.gov
> Subject: Daemon.log with "ttloop: peer died: Not owner" messages
>
> Gurus,
>
> Daemon.log file is receiving a lot of "ttloop: peer died: Not
> owner" messages. The system is running well, but I´m sure it´s not normal.
> How do I solve this problem ?!?
>
> Info1 : I did Shutdown the system yesterday ... I thought it
> would solve the problem, but it didn´t.
> Info2 : It´s a Alpha 4100 running Tru64 4.0 D
>
>
>
> Here comes the examples ...
>
> /usr/var/adm/syslog.dated/25-Mar-12:47>ps -edf|grep telnetd
> root 878 541 0.0 10:09:17 ?? 0:00.02 telnetd
> root 11499 541 0.0 09:26:37 ?? 0:00.03 telnetd
> root 15239 541 0.0 09:35:42 ?? 0:00.04 telnetd
> root 15846 541 0.0 15:07:11 ?? 0:00.03 telnetd
> root 22198 541 0.0 06:39:03 ?? 0:00.03 telnetd
> root 24598 541 0.0 08:49:44 ?? 0:00.27 telnetd
> root 24691 541 0.0 09:54:38 ?? 0:00.03 telnetd
> root 26336 541 0.0 08:55:43 ?? 0:00.14 telnetd
> root 27064 541 0.0 09:56:11 ?? 0:00.62 telnetd
> root 30133 541 0.0 10:02:51 ?? 0:00.07 telnetd
> root 1985 26278 0.0 10:10:54 ttyp7 0:00.01 grep telnetd
>
> /usr/var/adm/syslog.dated/25-Mar-12:47>cat daemon.log|tail -10
> Mar 26 10:10:14 smp1 telnetd[426]: ttloop: peer died: Not owner
> Mar 26 10:10:19 smp1 telnetd[1371]: ttloop: peer died: Not owner
> Mar 26 10:10:24 smp1 telnetd[1919]: ttloop: peer died: Not owner
> Mar 26 10:10:29 smp1 telnetd[1745]: ttloop: peer died: Not owner
> Mar 26 10:10:34 smp1 telnetd[935]: ttloop: peer died: Not owner
> Mar 26 10:10:39 smp1 telnetd[683]: ttloop: peer died: Not owner
> Mar 26 10:10:44 smp1 telnetd[1723]: ttloop: peer died: Not owner
> Mar 26 10:10:49 smp1 telnetd[1143]: ttloop: peer died: Not owner
> Mar 26 10:10:54 smp1 telnetd[1797]: ttloop: peer died: Not owner
> Mar 26 10:10:59 smp1 telnetd[1717]: ttloop: peer died: Not owner
>
> /usr/var/adm/syslog.dated/25-Mar-12:47>uptime
> 10:25 up 21:40, 14 users, load average: 1.06, 0.98, 1.08
>
>
>
> Thanks in advance ...
>
>
> Marcelo Fiuza
> marcelo.fiuza_at_intelig.net.br
>
>
>
>
>
>
>
>
>

TEXT/x-cdsi-msrtf attachment: RE: Daemon.log with \"ttloop: peer died: Not owner\" messages

Received on Mon Mar 26 2001 - 16:40:46 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:42 NZDT