[lug] Identd error...

Sexton, George gsexton at mhsoftware.com
Mon Aug 27 15:37:33 MDT 2001


Are you running fetchmail connecting to a remote pop server?

-----Original Message-----
From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us] On Behalf Of Justin
Sent: 27 August, 2001 3:32 PM
To: lug at lug.boulder.co.us
Subject: Re: [lug] Identd error...


Hrmm, well I'll see if anything shows up in a logger. The weird thing 
is these errors are showing up in intervals of 1-5 minutes always on 
the 00 second:

Aug 27 15:18:00 deviant identd[28359]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:19:00 deviant identd[28361]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:22:00 deviant identd[28377]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:24:31 deviant PAM_pwdb[26395]: (sshd) session closed for user monicle
Aug 27 15:25:00 deviant identd[28384]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:27:00 deviant identd[28393]: request_thread: read(10, ..., 1023) failed: Connection reset by peer

I don't think this would be some sort of malicious activity.

Justin

> Justin wrote:
> > 
> > I have been getting tons of these errors in my log but I have no idea
> > what they are from. Anyone have any idea?
> > 
> > Aug 26 04:09:00 deviant identd[18103]: request_thread: read(9, ..., 1023) failed: Connection reset by peer
> > 
> 
> I haven't heard of any exploits against identd. I suppose it is possible
> that someone is using a spoof of your ID for DoS against someone, and
> that other party being hit is trying to auth the source. You might want
> to turn on ipchains logging of port 113 to see if the hits are all from
> one machine (or just a few).
> 
> D. Stimits, stimits at idcomm.com
> 
> > TIA.
> > 
> > Justin
> > 
> > -----
> > glow at jackmoves.com
> > www.jackmoves.com
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug

-----
glow at jackmoves.com
www.jackmoves.com
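
The timing pattern described in this message can be checked mechanically. The following is an added example, not code from any poster in the thread: it parses the identd lines quoted above (line wraps rejoined) and reports the second-of-minute distribution and the gaps between events. The function names, the `year` default and the `min_events` threshold are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the thread, with the mail client's line wraps rejoined.
SAMPLE = """\
Aug 27 15:18:00 deviant identd[28359]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:19:00 deviant identd[28361]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:22:00 deviant identd[28377]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:24:31 deviant PAM_pwdb[26395]: (sshd) session closed for user monicle
Aug 27 15:25:00 deviant identd[28384]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
Aug 27 15:27:00 deviant identd[28393]: request_thread: read(10, ..., 1023) failed: Connection reset by peer
"""

# Match only identd "Connection reset by peer" entries; capture the timestamp.
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ identd\[\d+\]: .*Connection reset by peer")

def identd_resets(text, year=2001):
    """Return the timestamps of identd reset entries found in syslog text."""
    stamps = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # Classic syslog timestamps carry no year, so the caller supplies it.
            stamps.append(
                datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    return stamps

def summarize(stamps):
    """Return (second-of-minute histogram, gaps between events in minutes)."""
    seconds = Counter(t.second for t in stamps)
    gaps = [(b - a).total_seconds() / 60 for a, b in zip(stamps, stamps[1:])]
    return seconds, gaps

def looks_scheduled(stamps, min_events=3):
    """True when all events share one second-of-minute value, which is what a
    timer-driven client produces; ad hoc connections land on arbitrary seconds."""
    seconds, _ = summarize(stamps)
    return len(stamps) >= min_events and len(seconds) == 1

if __name__ == "__main__":
    hits = identd_resets(SAMPLE)
    print(summarize(hits), looks_scheduled(hits))
```

Run against a full log, a single dominant second-of-minute value together with whole-minute gaps narrows the search to whatever on either end runs on a timer.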