On Fri, Sep 13, 2002 at 12:06:29AM +0300, [EMAIL PROTECTED] wrote: > Well, I added a rule to log connections to port 113 and saw > this after connecting and sending it "b00": > Sep 13 00:03:56 TCL kernel: IN=lo OUT= > MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 > DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21357 DF > PROTO=TCP SPT=33982 DPT=113 WINDOW=32767 RES=0x00 SYN URGP=0 > Sep 13 00:03:56 TCL kernel: IN=lo OUT= > MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 > DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21358 DF > PROTO=TCP SPT=33982 DPT=113 WINDOW=32767 RES=0x00 ACK URGP=0
Er, this looks like your "b00" connection. I don't see how that's relevant.
We want to rule out *external* intervention, not analyze how identd behaves
when you connect to it. You could use your firewall's native logging
facilities for that purpose, but a "tcpdump port 113" is a much faster way of
doing it.
> (looping), service terminated
[snip log]
>
>
> also, the strace i ran showed:
> Process 15500 attached
> Process 15520 attached
Hm. It is not wise to run commands blindly. The strace command sent its
output to inetd-log, if you copied the command to the letter.
Examine that log file, and optionally report interesting findings.
While you're at it, I suggest you read the manual page for strace and
determine how the options "-f" and "-o" affect strace's behavior.
Regards, Yotam Rubin
msg21778/pgp00000.pgp
Description: PGP signature
