SUMMARY: xdm-errors file

From: Peyton Bland <bland_at_umich.edu>
Date: Thu, 08 Nov 2001 10:10:44 -0500

Well, you experts made this one look easy! Here's my original question...

==============

I'm getting some entries in the xdm-errors file that I don't understand.
The machine in question is a DS-20 running 4.0F. The entries appear in an
approximate 40 second period: for 20 seconds, there is one entry each
second of the form...

  AUDIT: Wed Nov 7 17:36:15 2001: 9851 X: client 5 rejected from IP xx.xx.xx.xx port nnn

where 9851 is the PID of the X process, xx.xx.xx.xx is the IP address of
the machine where the xdm-errors file is located, and the port number nnn
increments between successive entries but always seems to be a "small"
multiple of 256 (N*256 where N=1 to about 12). This is followed by a
"quiet" interval when there are no entries. Then the cycle repeats with 20
entries as above.... Our other 4 machines in the lab do not have this
problem.

Does this indicate a security breach? Some kind of polling by client...?
Needless to say, this makes the error log file VERY large over time, so I
want to get to the bottom of this...

==============

My thanks go to:
  "Macneil, Andrew" <amacneil_at_ue.com.au>
  Ian Mortimer <ian_at_physics.uq.edu.au>
  Joe Fletcher <joe_at_meng.ucl.ac.uk>
As usual, this group is GREAT!

And now a couple of the answers...

From: "Macneil, Andrew" <amacneil_at_ue.com.au>...
I've had this happen on a system where Advanced Printing Services was
installed but not used.
The messages were caused by the Advanced Printing Services Console
Notification Daemon (/usr/pd/lib/pdconntf).
They were fixed by stopping it with "/sbin/init.d/apx stop".
To prevent a recurrence, unlink the "apx" startup and shutdown scripts in
/sbin/rc*.d.

From: Ian Mortimer <ian_at_physics.uq.edu.au>...
It's the Advanced Printing Software (apx). If you're not using it you
should turn it off. If you are using it you need to apply the relevant
patch: http://ftp.service.digital.com/public/unix/v4.0d/apxbase100e001.README
Received on Thu Nov 08 2001 - 15:11:28 NZDT
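
Added example (not part of the original thread): a Python script that parses rejection entries of the form quoted in the question and groups them per source IP into bursts. A source that is the host's own address and repeats on a fixed cycle, as with the local daemon named in the answers, then stands out from rejected connections coming from other hosts. The sample log lines, the addresses, and the `local_ips` and `gap_seconds` parameters are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the post's format; addresses are documentation ranges.
SAMPLE = """\
AUDIT: Wed Nov 7 17:36:15 2001: 9851 X: client 5 rejected from IP
192.0.2.10 port 256
AUDIT: Wed Nov 7 17:36:16 2001: 9851 X: client 5 rejected from IP 192.0.2.10 port 512
AUDIT: Wed Nov 7 17:36:17 2001: 9851 X: client 5 rejected from IP 192.0.2.10 port 768
AUDIT: Wed Nov 7 17:36:37 2001: 9851 X: client 5 rejected from IP 192.0.2.10 port 1024
AUDIT: Wed Nov 7 17:36:38 2001: 9851 X: client 5 rejected from IP 192.0.2.10 port 1280
AUDIT: Wed Nov 7 17:36:40 2001: 9851 X: client 6 rejected from IP 198.51.100.7 port 40112
"""

# Matches the X server audit line quoted in the post.
AUDIT_RE = re.compile(
    r"AUDIT: (?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}): (?P<pid>\d+) X: "
    r"client (?P<client>\d+) rejected from IP (?P<ip>\S+) port (?P<port>\d+)"
)

def parse_rejections(text):
    """Yield (timestamp, pid, ip, port) for each rejection entry."""
    # Rejoin entries wrapped after "IP", as happens when a log is pasted into mail.
    text = re.sub(r"rejected from IP\s*\n\s*", "rejected from IP ", text)
    for m in AUDIT_RE.finditer(text):
        ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        yield ts, int(m["pid"]), m["ip"], int(m["port"])

def summarize(text, local_ips=(), gap_seconds=5):
    """Group rejections per source IP into bursts separated by quiet gaps."""
    by_ip = defaultdict(list)
    for ts, _pid, ip, port in parse_rejections(text):
        by_ip[ip].append((ts, port))
    report = {}
    for ip, events in by_ip.items():
        events.sort()
        bursts = [[events[0]]]
        for prev, cur in zip(events, events[1:]):
            if (cur[0] - prev[0]).total_seconds() > gap_seconds:
                bursts.append([])  # quiet interval ended the previous burst
            bursts[-1].append(cur)
        report[ip] = {"local": ip in local_ips, "total": len(events),
                      "burst_sizes": [len(b) for b in bursts], "ports": sorted({p for _, p in events})}
    return report

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE, local_ips={"192.0.2.10"}).items():
        print(ip, info)
```

Pass the host's own addresses as `local_ips`; entries marked local with regular burst sizes point at a process on the machine itself rather than at a remote client.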
