Re: Scary syslog entries, random breakage

To: Daniel Burrows <dburrows@brown.edu>, debian-hurd@lists.debian.org
Subject: Re: Scary syslog entries, random breakage
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Date: Sun, 11 Mar 2001 20:38:07 +0100
Message-id: <[🔎] 20010311203807.D389@ulysses.dhis.net>
In-reply-to: <[🔎] 20010309230221.A719@torrent>; from dburrows@brown.edu on Fri, Mar 09, 2001 at 11:02:21PM -0500
References: <[🔎] 20010309230221.A719@torrent>

On Fri, Mar 09, 2001 at 11:02:21PM -0500, Daniel Burrows wrote:
>   So I compiled aptitude and libgmp3 on the Hurd, and took a look at rep (it
> looks like it has an undeclared build-dependency on libtool; at any rate,
> until I installed libtool the build process died complaining about
> inter-library dependencies in .la files)

Some versions of libtool are broken on the Hurd. Debian version 1.3.5-2 is
fixed, and 1.4 should work, too.
 
> Mar  9 19:47:57 torrent in.ftpd[3255]: connect from 62.155.182.148 with IP options (ignored): 01 00 00 00 34 14 02 01 70 82 04 08 01 00 00 00 00 00 00 00 1c 09 02 00 33 0c 18 06 cb 69 01 00 88 14 02 01 c8 07 02 00 37 84 04 08 11 84 04 08 4814 02 01 fa b8 02 01 44 19 02 01 24 79 02 01 28 0c 02 00 8c 14 02 01 f3 dd 00 0 1c 09 02 00 07 00 00 00 00 00 00 00 00 00 00 00 94 14 02 01 c4 19 02 01 65 c5 02 01 1e dd 00 00 c0 18 02 01 c0 14 02 01 60 1c 02 01 60 1c 02 01 07 00 00 00 01 00 00 00 04 9b 04 08 09 00 00 00 37 84 04 08 24 79 02 01 fc 1b 02 01 80 df 00 00 c0 18 02 01 a4 10 02 01 e0 b1 02 01 c8 07
>   Mar  9 19:47:57 torrent in.ftpd[3255]: connect from 62.155.182.148
>   Mar  9 19:47:57 torrent ftpd[3255]: fcntl F_SETOWN: Operation not supported
> 
>   I'm not an expert in security, but that looks like someone was trying to
> do something bad.

I see those, too, and I am not connected. It is probably not an attacker,
but a bug. Although the address is not bogus, the IP options are. (Try
telnet localhost and check the syslog).
It is a bug where we don't know the cause. Pfinet is sort of unstable right
now.
 
>   The address in question is some random overseas dialup.  I don't know
> what ftpd was even doing on my system; no package providing it was installed.

It's in "inetutils".

>   Assuming my security is still intact (which is actually likely, how many
> script kiddies are going to be targeting Hurd systems?)

Note that an IP stack diagnosis will show the Hurd system as a Linux 2.2
system.

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de

Reply to:

Follow-Ups:
- Re: Scary syslog entries, random breakage
  - From: Daniel Burrows <dburrows@brown.edu>
- Re: Scary syslog entries, random breakage
  - From: Oystein Viggen <oysteivi@tihlde.org>

References:
- Scary syslog entries, random breakage
  - From: Daniel Burrows <dburrows@brown.edu>

Prev by Date: xfree86v3_3.3.6-15_hurd-i386.changes INSTALLED
Next by Date: Re: Reports & Questions
Previous by thread: Re: Scary syslog entries, random breakage
Next by thread: Re: Scary syslog entries, random breakage
Index(es):
- Date
- Thread