Hi to all, I'm running a public server with SuSE 8.1 and I've recently discovered some strange log entries (19:32:52 was the first time when this error occured): Nov 28 19:32:52 ***** tcpd[18129]: warning: can't get client address: Socket operation on non-socket Nov 28 19:32:56 ***** last message repeated 3695 times Nov 28 21:17:41 ***** tcpd[21930]: warning: can't get client address: Socket operation on non-socket Nov 28 21:17:43 ***** last message repeated 1445 times Nov 28 21:28:32 ***** tcpd[22733]: warning: can't get client address: Socket operation on non-socket Nov 28 21:28:33 ***** last message repeated 1015 times Therefore I searched the web for this error and found out that this might be symptoms of a rootkit, so I ran chkrootkit but it didn't find any infected files. Now I've got two questions: 1) Is somebody scanning my machine for the mentioned rookit or trying to break in? 2) How can I find out which application invokes tcpd (or vice versa) and causes the error? (inetd definitely does not) Regards Freddy