Koozali.org: home of the SME Server

/var/log/secure disturbing messages

Jori

/var/log/secure disturbing messages
« on: December 22, 2001, 01:51:00 PM »
Dec 16 10:00:46 router xinetd[725]: START: auth pid=5315 from=213.131.131.155
Dec 16 10:41:50 router xinetd[725]: START: auth pid=5326 from=64.77.41.227
Dec 16 10:42:48 router xinetd[725]: START: auth pid=5327 from=64.77.41.227
Dec 16 10:48:13 router xinetd[725]: START: auth pid=5328 from=213.131.131.155
Dec 16 16:26:11 router xinetd[725]: START: auth pid=5409 from=62.250.14.14
Dec 16 16:26:36 router xinetd[725]: START: auth pid=5410 from=213.131.131.155
Dec 16 16:26:46 router xinetd[725]: START: auth pid=5411 from=213.131.131.155
Dec 16 16:26:48 router xinetd[725]: START: auth pid=5412 from=213.131.131.155
Dec 16 16:27:02 router xinetd[725]: START: auth pid=5413 from=195.162.203.183

and this goes on for a while....

Does anyone know what this is? When I do a portscan on myself, port 113 is open. I read somewhere that 113 is auth?

I have no idea what auth is, but I do want this to go away if possible :]

Vic

Re: /var/log/secure disturbing messages
« Reply #1 on: December 22, 2001, 03:18:14 PM »

Jori

Re: /var/log/secure disturbing messages
« Reply #2 on: December 22, 2001, 03:35:41 PM »
Hmmmm, so I can just shut down the auth service? And everything will continue to function normally?
(don't use sendmail)

How do I do that? :)

/etc/xinetd.conf

service auth
{
    socket_type                 = stream
    wait                        = no
    user                        = nobody
    server                      = /usr/sbin/in.identd
    server_args                 = -l -e -o -q
}


Should I change something in there (in templates)? Or can I just not allow any connections to 113 through the firewall? (if so, how?)

Jon Thiele

Re: /var/log/secure disturbing messages
« Reply #3 on: December 22, 2001, 10:01:16 PM »
Jori wrote:

> Does anyone know what this is? When I do a portscan on
> myself, port 113 is open. I read somewhere that 113 is auth?
>
> I have no idea what auth is, but I do want this to go away if
> possible :]

You should look at this message from 10 months ago that explains the open ports and why they are needed:

http://e-smith.org/bboard/read.php?f=3&i=2649&t=2647

Kelvin

Re: /var/log/secure disturbing messages
« Reply #4 on: December 22, 2001, 11:29:43 PM »
Jori,

You can edit the ipchain rules to deny any port 113 connections on your external interface. I do this with all the servers I set up (along with a few other unneeded ports as well :) ). Just search this forum for the word masq and you should be able to find what you need.

Kelvin

Charlie Brady

Re: /var/log/secure disturbing messages
« Reply #5 on: December 29, 2001, 04:51:17 AM »
Kelvin wrote:

> You can edit the ipchain rules to deny any port 113
> connections on your external interface. I do this with all
> the servers I set up (along with a few other unneeded ports
> as well :) ). Just search this forum for the word masq and
> you should be able to find what you need.

No need to edit anything. Just do:

/sbin/e-smith/db configuration setprop auth status disabled
/sbin/e-smith/signal-event remoteaccess-update

Regards

Charlie
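
An added example, not part of any post in this thread: a short Python summary of the xinetd `START` lines quoted in the first post, counting connections to the `auth` service (port 113) per source address so the log can be reviewed before and after the service is disabled. The function names are illustrative assumptions; the sample lines are copied from the first post.

```python
import re

# xinetd writes one START line per accepted connection:
#   <mon> <day> <time> <host> xinetd[<pid>]: START: <service> pid=<n> from=<addr>
START_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"xinetd\[\d+\]: START: (?P<service>\S+) pid=\d+ from=(?P<src>\S+)$"
)

# Sample input: the /var/log/secure lines from the first post.
SAMPLE = """\
Dec 16 10:00:46 router xinetd[725]: START: auth pid=5315 from=213.131.131.155
Dec 16 10:41:50 router xinetd[725]: START: auth pid=5326 from=64.77.41.227
Dec 16 10:42:48 router xinetd[725]: START: auth pid=5327 from=64.77.41.227
Dec 16 10:48:13 router xinetd[725]: START: auth pid=5328 from=213.131.131.155
Dec 16 16:26:11 router xinetd[725]: START: auth pid=5409 from=62.250.14.14
Dec 16 16:26:36 router xinetd[725]: START: auth pid=5410 from=213.131.131.155
Dec 16 16:26:46 router xinetd[725]: START: auth pid=5411 from=213.131.131.155
Dec 16 16:26:48 router xinetd[725]: START: auth pid=5412 from=213.131.131.155
Dec 16 16:27:02 router xinetd[725]: START: auth pid=5413 from=195.162.203.183
"""


def summarize(lines, service="auth"):
    """Return {source: {"count", "first", "last"}} for one service's START lines."""
    stats = {}
    for line in lines:
        m = START_RE.match(line.strip())
        if not m or m["service"] != service:
            continue  # not an xinetd START line, or a different service
        entry = stats.setdefault(
            m["src"], {"count": 0, "first": m["ts"], "last": m["ts"]}
        )
        entry["count"] += 1
        entry["last"] = m["ts"]  # the log is chronological, so the latest line wins
    return stats


def report(stats):
    """Format one row per source, busiest source first."""
    rows = sorted(stats.items(), key=lambda kv: -kv[1]["count"])
    return [f"{src:<16} {s['count']:>3}  {s['first']} .. {s['last']}" for src, s in rows]


if __name__ == "__main__":
    for row in report(summarize(SAMPLE.splitlines())):
        print(row)
```

Pointing `summarize` at the lines of the real `/var/log/secure` after the auth service has been disabled should show no new `auth` entries.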