Anyone seen this?
We are running an es-40, Du4.0F, latest patch cluster.
Twice we have seen inetd stop responding to connections. After a reboot
we see the following information in our logs just before the problem
(replaced hostname with xxx):

May 31 12:14:44 xxx xntpd[554]: synchronized to 169.229.15.5, stratum=1
May 31 12:15:09 xxx sshd[29453]: warning: can't get client address: Connection reset by peer
May 31 12:15:09 xxx sshd[29453]: warning: can't get client address: Connection reset by peer
May 31 12:15:09 xxx sshd[29453]: error: setsockopt SO_KEEPALIVE: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: setsockopt SO_KEEPALIVE: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: setsockopt IPTOS_LOWDELAY: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: setsockopt IPTOS_LOWDELAY: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: setsockopt TCP_NODELAY: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: setsockopt TCP_NODELAY: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: log: Connection from (null) port 0
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: log: Connection from (null) port 0
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: fatal: Could not write ident string.
May 31 12:15:09 xxx sshd[29453]: error: getpeername failed: Invalid argument
May 31 12:15:09 xxx sshd[29453]: fatal: Could not write ident string.
pop3d_May31: *** error - not a login: May 31 12:15:09 hostname pop3d[29479]:
pop3d_May31: *** error - not a login: May 31 12:15:09 xxx pop3d[29479]: warning: can't get client address: Connection reset by peer
pop3d_May31: *** error - not a login: May 31 12:15:09 hxxx pop3d[29479]: connect from unknown

It looks to me like my system was being scanned for security loopholes.
I'm wondering if anyone on this list could elaborate on the significance
of these messages. In particular: what sort of loopholes were being
searched for and was an exploit successfully executed?
We scanned the system with all nmap options and strobe. The system
reported the scans but did not stop responding to network connections.
Thanks for any information.
Jeff
--
Jeff Foster
SDA UNIX, 257 Evan Hall
UC Berkeley 2.8552
Received on Tue Aug 07 2001 - 23:20:57 NZST