>From within the main screen of SA (main tree with entries) do CTRL-P to get the protocol screen. Then goto TCP-TELNET and enabled the LINGER option and try again.
Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nico Schuijff (GarantiBank International NV) Sent: Tuesday, December 14, 2004 10:30 AM To: [EMAIL PROTECTED] Subject: RE: [SA-list] syslog-errors due telnet-check whoops, sorry.. i turned it off.. I have build 1609, and i'm using the standard telnetcheck on port 23.. and there is nothing filled in the "packet fields" under protocols-tcp-telnet. should i fill in something there? Nico -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dirk Bulinckx Posted At: Tuesday, December 14, 2004 09:51 Posted To: Servers Alive Conversation: [SA-list] syslog-errors due telnet-check Subject: RE: [SA-list] syslog-errors due telnet-check Can you stop send message with READ receipts to the list? And what can of check are you using within Servers Alive? (what version of Servers Alive?) Dirk. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nico Schuijff (GarantiBank International NV) Sent: Tuesday, December 14, 2004 9:42 AM To: [EMAIL PROTECTED] Subject: RE: [SA-list] syslog-errors due telnet-check Yes, reverse DNS is enabled, we've tested that.. when i search for this error in Google, i find a lot similar descriptions like this: source: http://www.secinf.net/unix_security/Know_Your_Enemy_II.html ( this is for nmap in particular but i think it is related:) -------------------------------------QUOTE---------------------------------- -------------------------------- More often, users will select the -sS flag for port scanning. This is a stealthier option, as only a SYN packet is sent. If the remote system responds, the connection is immediately torn down with a RST. The logs from such a scan looks as follows (NOTE: Only the first five entries are included here). /var/log/secure Apr 14 21:25:08 mozart in.rshd[11717]: warning: can't get client address: Connection reset by peer Apr 14 21:25:08 mozart in.rshd[11717]: connect from unknown Apr 14 21:25:09 mozart in.timed[11718]: warning: can't get client address: Connection reset by peer Apr 14 21:25:09 mozart in.timed[11718]: connect from unknown Apr 14 21:25:09 mozart imapd[11719]: warning: can't get client address: Connection reset by peer Apr 14 21:25:09 mozart imapd[11719]: connect from unknown Apr 14 21:25:09 mozart ipop3d[11720]: warning: can't get client address: Connection reset by peer Apr 14 21:25:09 mozart ipop3d[11720]: connect from unknown Apr 14 21:25:09 mozart in.rlogind[11722]: warning: can't get client address: Connection reset by peer Apr 14 21:25:09 mozart in.rlogind[11722]: connect from unknown Notice all the errors in the connections. Since the SYN-ACK sequence is torn down before a complete connection can be made, the daemon cannot determine the source system. The logs show that you have been scanned, unfortunately you do not know by whom. What is even more alarming is, on most other systems (including newer kernels of Linux), none of these errors would have been logged. To qoute Fyodor " ... based on all the 'connection reset by peer' messages. This is a Linux 2.0.XX oddity -- virtually every other system (including the 2.2 and later 2.1 kernels) will show nothing. That bug (accept() returning before completion of the 3-way handshake) was fixed." -----------------------------------------------END QUOTE-------------------------------------------------------------- -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Walker, Chuck Sent: Monday, December 13, 2004 17:17 To: [EMAIL PROTECTED] Subject: RE: [SA-list] syslog-errors due telnet-check Ok this may be a long shot but do you have reverse DNS enabled? We have an issue like this here and the fix was to setup a reverse DNS. Chuck Walker "Information Technologies. . . Working to Provide Quality Healthcare Solutions for Quality Care." We do not stop playing because we grow old; we grow old because we stop playing. Skaggs Community Health Center 251 Skaggs Rd Branson MO 65616 417 335-7712 -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nico Schuijff (GarantiBank International NV) Sent: Monday, December 13, 2004 9:54 AM To: [EMAIL PROTECTED] Subject: [SA-list] syslog-errors due telnet-check Hi all, when i perform the telnet-check on a unix-server here, this server is filling his logs with the following errors: ------------------ 275865 xxx.xxx.xxx.xxx info telnetd 2004-12-11 12:54:33 telnetd[18510]: connect from unknown 276050 xxx.xxx.xxx.xxx err telnetd 2004-12-11 12:56:56 telnetd[11993]: warning: can't get client address: Connection reset by peer 276052 xxx.xxx.xxx.xxx info telnetd 2004-12-11 12:56:56 telnetd[11993]: connect from unknown 276203 xxx.xxx.xxx.xxx err telnetd 2004-12-11 12:59:21 telnetd[18600]: warning: can't get client address: Connection reset by peer 276205 xxx.xxx.xxx.xxx info telnetd 2004-12-11 12:59:21 telnetd[18600]: connect from unknown 276388 xxx.xxx.xxx.xxx err telnetd 2004-12-11 13:01:50 telnetd[23560]: warning: can't get client address: Connection reset by peer 276390 xxx.xxx.xxx.xxx info telnetd 2004-12-11 13:01:50 telnetd[23560]: connect from unknown 276621 xxx.xxx.xxx.xxx err telnetd 2004-12-11 13:04:14 telnetd[23578]: warning: can't get client address: Connection reset by peer 276623 xxx.xxx.xxx.xxx info telnetd 2004-12-11 13:04:14 telnetd[23578]: connect from unknown ----------------- It looks like Servers Alive is disconnecting to fast or something, this happened on a couople of unix-servers here. What can i do about this? thanks, Nico Schuijff This e-mail and its attachments are only intended for the individual(s) or entity(entities) to whom they are addressed and may contain personal and/or confidential information. If you are not the intended recipient please notify the sender immediately and/or notify us by telephoning +31 (20) 5539 800 (IT Helpdesk). Any dissemination, duplication, publication to third parties or other use of the contents of this e-mail or its attachments is unauthorized. GarantiBank International N.V. shall not accept any responsibility for errors, omissions or other inaccuracies in this information or for the consequences thereof. The content of the email is not legally binding. In the event of incomplete or incorrect transmission please return the e-mail to the sender. ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive This e-mail and its attachments are only intended for the individual(s) or entity(entities) to whom they are addressed and may contain personal and/or confidential information. If you are not the intended recipient please notify the sender immediately and/or notify us by telephoning +31 (20) 5539 800 (IT Helpdesk). Any dissemination, duplication, publication to third parties or other use of the contents of this e-mail or its attachments is unauthorized. GarantiBank International N.V. shall not accept any responsibility for errors, omissions or other inaccuracies in this information or for the consequences thereof. The content of the email is not legally binding. In the event of incomplete or incorrect transmission please return the e-mail to the sender. ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive This e-mail and its attachments are only intended for the individual(s) or entity(entities) to whom they are addressed and may contain personal and/or confidential information. If you are not the intended recipient please notify the sender immediately and/or notify us by telephoning +31 (20) 5539 800 (IT Helpdesk). Any dissemination, duplication, publication to third parties or other use of the contents of this e-mail or its attachments is unauthorized. GarantiBank International N.V. shall not accept any responsibility for errors, omissions or other inaccuracies in this information or for the consequences thereof. The content of the email is not legally binding. In the event of incomplete or incorrect transmission please return the e-mail to the sender. ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive ------------------------- [This E-mail scanned for viruses by Declude Virus] To unsubscribe from a list, send a mail message to [EMAIL PROTECTED] With the following in the body of the message: unsubscribe SAlive
