[lug] Identd error...

Justin glow at jackmoves.com
Mon Aug 27 17:27:52 MDT 2001 

Nope...

> Are you running fetchmail connecting to a remote pop server?
> 
> -----Original Message-----
> From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]
On
> Behalf Of Justin
> Sent: 27 August, 2001 3:32 PM
> To: lug at lug.boulder.co.us
> Subject: Re: [lug] Identd error...
> 
> 
> Hrmm, well I'll see if anything shows up in a logger. The weird thing 
> is these errors are showing up in intervals of 1-5 minutes always on 
> the 00 second:
> 
> Aug 27 15:18:00 deviant identd[28359]: request_thread: read(10, ..., 
> 1023) failed: Connection reset by peer
> Aug 27 15:19:00 deviant identd[28361]: request_thread: read(10, ..., 
> 1023) failed: Connection reset by peer
> Aug 27 15:22:00 deviant identd[28377]: request_thread: read(10, ..., 
> 1023) failed: Connection reset by peer
> Aug 27 15:24:31 deviant PAM_pwdb[26395]: (sshd) session closed for 
user 
> monicle
> Aug 27 15:25:00 deviant identd[28384]: request_thread: read(10, ..., 
> 1023) failed: Connection reset by peer
> Aug 27 15:27:00 deviant identd[28393]: request_thread: read(10, ..., 
> 1023) failed: Connection reset by peer
> 
> I don't think this would be somesort of malicious activity.
> 
> Justin
> 
> > Justin wrote:
> > > 
> > > I have been getting tons of these errors in my log but I have no 
> idea
> > > what they are from. Anyone have any idea?
> > > 
> > > Aug 26 04:09:00 deviant identd[18103]: request_thread: read
(9, ...,
> > > 1023) failed: Connection reset by peer
> > > 
> > 
> > I haven't heard of any exploits against identd. I suppose it is 
> possible
> > that someone is using a spoof of your ID for DoS against someone, 
and
> > that other party being hit is trying to auth the source. You might 
> want
> > to turn on ipchains logging of port 113 to see if the hits are all 
> from
> > one machine (or just a few).
> > 
> > D. Stimits, stimits at idcomm.com
> > 
> > > TIA.
> > > 
> > > Justin
> > > 
> > > -----
> > > glow at jackmoves.com
> > > www.jackmoves.com
> > > _______________________________________________
> > > Web Page:  http://lug.boulder.co.us
> > > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> > 
> > 
> 
> -----
> glow at jackmoves.com
> www.jackmoves.com
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> 
> 

-----
glow at jackmoves.com
www.jackmoves.com

More information about the LUG mailing list