[NCLUG] FW: strange message sent to root
mike cullerton
michaelc at cullerton.com
Tue Feb 27 09:18:08 MST 2001
on 2/27/01 9:12 AM, Mike Loseke at mike at verinet.com wrote:
> Thus spake mike cullerton:
>> on 2/27/01 8:58 AM, Mike Loseke at mike at verinet.com wrote:
>>>
>>> You do realize that this is output from tcp_wrappers detecting someone
>>> attempting to scan or hit a service on your box for which this trap has
>>> been sent, correct?
>>>
>>> What happened was that someone was scanning your box for open ports.
>>> Seems that tcp_wrappers is listening to them and configured to do a
>>> safe_finger back at them to try to determine who was logged on there.
>>>
>>> Check /etc/inetd.conf, I'll bet stuff is being run by tcpd.
>>
>> mike, i don't understand what you are trying to tell me here. my inetd.conf
>> only has time, ftp, cvspserver and imap2.
>
> Do they look something like this:
>
> imap stream tcp nowait root /usr/sbin/tcpd imapd
>
> /usr/sbin/tcpd is the tcp_wrappers program. It references /etc/hosts.allow
> and /etc/hosts.deny for what to do in certain situations.
that much i understand. but why is it mailing me?
-- mike cullerton
More information about the NCLUG
mailing list