Re: refused connect from 'unknown'

[Pere Camps <pere@casal.upc.es>]

Daniel,

> No - not if the person connecting disconnects almost instantly; what
> can happen is that if the person in question opens and then closes a
> connection almost instantly, the connection goes to inetd, which
> accepts it, but before tcpd (which is what inetd hands telnet
> connections off to, and which is the program generating these log
> messages) gets the connection and finds out who's on the other end,
> the connection is closed, and tcpd is left without a clue, hence the
> confusing error messages.

	I see. Very weird stuff anyway. I though that inetd was the one
who logged the stuff.

> This is usually done as part of a port scan - testing to see which
> ports are accessible on your machine.  There ought to be an option to
> inetd to log all tcp connections before passing them off to something
> else to handle, but I can see how that could get to be a hassle on a
> busy machine.

	I've checked, and there's no option. I've installed icmplogd and
tcplogd which log all connection attemps to my machine. The log file is
growing quite big, but that's what you get. So far no strange port
probing, but a lot of icmp messages that I do not quite understand. When I
have time, I'll look at them.

	Thanks a lot for your help!

-- p.