Solved! Re: [NCLUG] FW: strange message sent to root
mike cullerton
michaelc at cullerton.com
Tue Feb 27 09:49:17 MST 2001
ding, ding, ding, i think we have a winner. (thanks mike)
i found this at the very bottom of my /etc/hosts.allow
ALL : ALL : spawn (/usr/sbin/safe_finger -l @%h | /bin/mail root) & : DENY
so, let me see if i can explain what happened. someone tried to connect to a
port on my box that i don't allow. since it was denied, this line in
hosts.allow tried to finger the the incoming connection.
and, it mailed root on my box
yes?
again, thanks mike,
mike
on 2/27/01 9:36 AM, Mike Loseke at mike at verinet.com wrote:
> Thus spake mike cullerton:
>>>
>>> Do you have a similar config in place?
>>
>> not that i can find.
>>
>> imap2 stream tcp nowait root /usr/sbin/tcpd /usr/sbin/imapd
>>
>> hmmm... i'm wondering of tcp-wrappers can be set up like this in general.
>> i'm reading man pages now...
>
> I'm running with a not-current version so the default behaviour may be
> different on yours than mine. To be honest it's been quite some time since
> I even read the man pages. :-)
-- mike cullerton
More information about the NCLUG
mailing list