[NCLUG] FW: strange message sent to root
Mike Loseke
mike at verinet.com
Tue Feb 27 09:12:22 MST 2001
Thus spake mike cullerton:
> on 2/27/01 8:58 AM, Mike Loseke at mike at verinet.com wrote:
> >
> > You do realize that this is output from tcp_wrappers detecting someone
> > attempting to scan or hit a service on your box for which this trap has
> > been sent, correct?
> >
> > What happened was that someone was scanning your box for open ports.
> > Seems that tcp_wrappers is listening to them and configured to do a
> > safe_finger back at them to try to determine who was logged on there.
> >
> > Check /etc/inetd.conf, I'll bet stuff is being run by tcpd.
>
> mike, i don't understand what you are trying to tell me here. my inetd.conf
> only has time, ftp, cvspserver and imap2.
Do they look something like this:
imap stream tcp nowait root /usr/sbin/tcpd imapd
/usr/sbin/tcpd is the tcp_wrappers program. It references /etc/hosts.allow
and /etc/hosts.deny for what to do in certain situations.
--
Mike Loseke | If at first you don't succeed,
mike at verinet.com | increase the amperage.
More information about the NCLUG
mailing list