Re: Out of control tcplogd
Wasn't tcplogd itself a security risk?
I think it was on the debian-security mailing list...
Regards,
Onno
At 11:07 PM 2/13/00 -0500, Mark Lynn wrote:
>I have two machines running Corel Linux 1.0 (not sure which debain
>release this corresponds to) and am having difficulty with
>one or possibly both of them. The one machine, named kovu,
>started responding with "Resource temporarily unavailable" messages
>when I tried to perform most any task from a shell. Upon further
>investigation, I noticed that it was swamped with sleeping tcplogd
>processes. The daemon log was full of messages of the form
>
>"tcplogd: port 832 connection attempt from unknown@meeko.sabado.com"
>
>and also
>
>"tcplogd: port 832 connection attempt from root@meeko.sabado.com"
>
>where meeko is my other linux box.
>
>
>Inspection of meeko's logs showed tons of messages of the form
>
>"tcplogd: auth connection attempt from kovu.sabado.com"
>
>
>On kovu, I restarted iplogger and all the sleeping tcplogd's went away.
>However, every 5-15 minutes a new one is added and I assume they will
>eventually chew up all available processes. There are no extra instances
>of tcplogd on meeko.
>
>Obviously, I've screwed something up somewhere, but don't know what.
>Any guess as to what's going on? Is there any particular significance
>to port 832? I didn't see it listed in the services. What on meeko could
>be attempting to open this port? Further, why does tcplogd keep spawning
>new processes that don't go away?
>
>I realize that iplogger is being replaced, but would really like to
>understand
>this problem before I explore upgrading packages.
>
>Thanks for any help.
>
>
>Mark Lynn
>Sabado Technologies
>mark@sabado.com
>
>
>--
>Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
>
>
Reply to: