On Fri, Sep 13, 2002 at 12:06:29AM +0300, [EMAIL PROTECTED] wrote: > Well, I added a rule to log connections to port 113 and saw > this after connecting and sending it "b00": > Sep 13 00:03:56 TCL kernel: IN=lo OUT= > MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 > DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21357 DF > PROTO=TCP SPT=33982 DPT=113 WINDOW=32767 RES=0x00 SYN URGP=0 > Sep 13 00:03:56 TCL kernel: IN=lo OUT= > MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1 > DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=21358 DF > PROTO=TCP SPT=33982 DPT=113 WINDOW=32767 RES=0x00 ACK URGP=0
Er, this looks like your "b00" connection. I don't see how that's relevant. We want to rule out *external* intervention, not analyze how identd behaves when you connect to it. You could use your firewall's native logging facilities for that purpose, but a "tcpdump port 113" is a much faster way of doing it. > (looping), service terminated [snip log] > > > also, the strace i ran showed: > Process 15500 attached > Process 15520 attached Hm. It is not wise to run commands blindly. The strace command sent its output to inetd-log, if you copied the command to the letter. Examine that log file, and optionally report interesting findings. While you're at it, I suggest you read the manual page for strace and determine how the options "-f" and "-o" affect strace's behavior. Regards, Yotam Rubin
msg21778/pgp00000.pgp
Description: PGP signature