Hi,
There is sometimes a problem logging into our two SuSE 7.0 (SMP) machines. Trying to log in with telnet produces the following error message: "telnetd: all network ports in use". In such a case it is not possible to log into the machine for several hours. Is this because of a portscan or anything else? Did anyone have a similar problem?
Christian Boxhammer
--
Linux is like a Wigwam.. No Windows, no Gates, and Apache inside
Hi,
There is sometimes a problem logging into our two SuSE 7.0 (SMP) machines. Trying to log in with telnet produces the following error message: "telnetd: all network ports in use". In such a case it is not possible to log into the machine for several hours. Is this because of a portscan or anything else? Did anyone have a similar problem?
Be sure that you compiled the kernel with "Unix98 PTY support" and "/dev/pts file system for Unix98 PTYs" options enabled.
or add a line in your /etc/fstab
none /dev/pts devpts mode=0620 0 0
then
#mount -a
I think this may help you.
PS: Sorry for my English.
MURAT KOC
There is sometimes a problem logging into our two SuSE 7.0 (SMP) machines. Trying to log in with telnet produces the following error message: "telnetd: all network ports in use". In such a case it is not possible to log into the machine for several hours. Is this because of a portscan or anything else? Did anyone have a similar problem?
Be sure that you compiled the kernel with "Unix98 PTY support" and "/dev/pts file system for Unix98 PTYs" options enabled.
or add a line in your /etc/fstab
none /dev/pts devpts mode=0620 0 0
The devpts filesystem gets mounted by /sbin/init.d/boot at boot time on SuSE distributions and is not listed in the fstab. It shouldn't matter if it shows up there, though.
Nevertheless, this doesn't seem to be the problem here. It more or less looks like this machine has been under attack so that all available sockets have been used up. In particular, it seems to have been a SYN flood attack. There is no efficient countermeasure against this other than pulling the plug.
I think this may help you.
PS: Sorry for my English.
Nono... :-)
MURAT KOC
Thanks,
Roman.
--
Roman Drahtmüller
Hi,
none /dev/pts devpts mode=0620 0 0
The devpts filesystem gets mounted by /sbin/init.d/boot at boot time on SuSE distributions and is not listed in the fstab. It shouldn't matter if it shows up there, though.
Nevertheless, this doesn't seem to be the problem here. It more or less looks like this machine has been under attack so that all available sockets have been used up. In particular, it seems to have been a SYN flood attack. There is no efficient countermeasure against this other than pulling the plug.
I think this may help you.
Sorry, I am not a security guru:))
I just said the problem can be solved as I said because in telnetd.c
--------------------------------------------------------------------
    /*
     * Find an available pty to use.
     */
    pty = getpty();
    if (pty < 0)
        fatal(net, "All network ports in use");
---------------------------------------------------------------------
and what's getpty()
----------------------------------------------------------------------
int getpty(void)
{
    int masterfd;

    if (openpty(&masterfd, &ptyslavefd, line, NULL, NULL)) {
        return -1;
    }
    return masterfd;
}
-----------------------------------------------------------------------
and in pty.h
-----------------------------------------------------------------------
/* Create pseudo tty master slave pair with NAME and set terminal
   attributes according to TERMP and WINP and return handles for both
   ends in AMASTER and ASLAVE.  */
extern int openpty __P ((int *__amaster, int *__aslave, char *__name,
                         struct termios *__termp, struct winsize *__winp));
-----------------------------------------------------------------------
so and in glibc-2.2.2/login/openpty.c
-----------------------------------------------------------------------
/* Create pseudo tty master slave pair and set terminal attributes
   according to TERMP and WINP.  Return handles for both ends in
   AMASTER and ASLAVE, and return the name of the slave end in NAME.  */
int
openpty (int *amaster, int *aslave, char *name, struct termios *termp,
         struct winsize *winp)
{
#ifdef PATH_MAX
  char _buf[PATH_MAX];
#else
  char _buf[512];
#endif
  char *buf = _buf;
  int master, slave;

  master = getpt ();
  if (master == -1)
    return -1;

  if (grantpt (master))
    goto fail;

  if (unlockpt (master))
    goto fail;

  if (pts_name (master, &buf, sizeof (_buf)))
    goto fail;

  slave = open (buf, O_RDWR | O_NOCTTY);
  if (slave == -1)
    {
      if (buf != _buf)
        free (buf);

      goto fail;
    }

  /* XXX Should we ignore errors here?  */
  if(termp)
    tcsetattr (slave, TCSAFLUSH, termp);
  if (winp)
    ioctl (slave, TIOCSWINSZ, winp);

  *amaster = master;
  *aslave = slave;
  if (name != NULL)
    strcpy (name, buf);

  if (buf != _buf)
    free (buf);
  return 0;

 fail:
  close (master);
  return -1;
}
----------------------------------------------------------------------
and glibc-2.2.2/sysdeps/unix/sysv/linux/getpt.c
----------------------------------------------------------------------
/* Open a master pseudo terminal and return its file descriptor.  */
int
__posix_openpt (oflag)
     int oflag;
{
  static int have_no_dev_ptmx;
  int fd;

  if (!have_no_dev_ptmx)
    {
      fd = __open (_PATH_DEVPTMX, oflag);
      if (fd != -1)
        {
          struct statfs fsbuf;
          static int devpts_mounted;

          /* Check that the /dev/pts filesystem is mounted
             or if /dev is a devfs filesystem (this implies /dev/pts).  */
          if (devpts_mounted
              || (__statfs (_PATH_DEVPTS, &fsbuf) == 0
                  && fsbuf.f_type == DEVPTS_SUPER_MAGIC)
              || (__statfs (_PATH_DEV, &fsbuf) == 0
                  && fsbuf.f_type == DEVFS_SUPER_MAGIC))
            {
              /* Everything is ok.  */
              devpts_mounted = 1;
              return fd;
            }

          /* If /dev/pts is not mounted then the UNIX98 pseudo terminals
             are not usable.  */
          __close (fd);
          have_no_dev_ptmx = 1;
        }
      else
        {
          if (errno == ENOENT || errno == ENODEV)
            have_no_dev_ptmx = 1;
          else
            return -1;
        }
    }

  return -1;
}
---------------------------------------------------------------------------
I can't see any relation between network sockets and openpty(), getpt(), grantpt() ... Can you inform me how it could happen or what the relation between them is? Am I missing something?
PS: Sorry for my English.
Nono... :-)
Thanks:)) MURAT KOC
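The chain traced in the message above (telnetd's getpty(), then openpty(), then getpt()) can be checked step by step on a live Linux system. The following C program is an added example, not code from the thread, telnetd or glibc; it omits grantpt() and uses the Linux ioctls TIOCSPTLCK and TIOCGPTN in place of unlockpt() and pts_name(), and the names `probe_pty`, `pty_stage` and `stage_name` and the path parameters are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/vfs.h>
#include <unistd.h>
#ifndef DEVPTS_SUPER_MAGIC
#define DEVPTS_SUPER_MAGIC 0x1cd1 /* devpts magic, as in <linux/magic.h> */
#endif
enum pty_stage { PTY_OK, PTY_OPEN_PTMX, PTY_DEVPTS_MOUNT, PTY_UNLOCK, PTY_OPEN_SLAVE };
const char *stage_name[] = { "ok", "open master", "devpts mount", "unlock slave", "open slave" };

static enum pty_stage fail(int fd, enum pty_stage s)
{
    int e = errno;   /* keep the errno of the call that failed across close() */
    close(fd);
    errno = e;
    return s;
}

/* Added example, hypothetical interface: first failing stage (errno set) or PTY_OK. */
enum pty_stage probe_pty(const char *ptmx, const char *pts_dir)
{
    struct statfs fs;
    char slave[64];
    int unlock = 0, n = -1, sfd, rc, mfd = open(ptmx, O_RDWR | O_NOCTTY);
    if (mfd < 0)
        return PTY_OPEN_PTMX;      /* ptmx missing, or the kernel refused a new pty */
    rc = statfs(pts_dir, &fs);     /* same mount check as the getpt.c code quoted above */
    if (rc == 0 && fs.f_type != DEVPTS_SUPER_MAGIC) { rc = -1; errno = ENODEV; }
    if (rc != 0)
        return fail(mfd, PTY_DEVPTS_MOUNT);
    if (ioctl(mfd, TIOCSPTLCK, &unlock) != 0 || ioctl(mfd, TIOCGPTN, &n) != 0)
        return fail(mfd, PTY_UNLOCK);
    snprintf(slave, sizeof slave, "%s/%d", pts_dir, n);
    if ((sfd = open(slave, O_RDWR | O_NOCTTY)) < 0)
        return fail(mfd, PTY_OPEN_SLAVE);
    close(sfd);
    close(mfd);
    return PTY_OK;
}

int main(void)
{
    enum pty_stage s = probe_pty("/dev/ptmx", "/dev/pts");
    printf("pty allocation: %s%s%s\n", stage_name[s], s ? " failed: " : "", s ? strerror(errno) : "");
    return s != PTY_OK;
}
```

Run on the affected host while the telnetd error is occurring, a non-zero exit with the failing stage shows whether the master device, the devpts mount or the slave node is the step that fails.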
Hi, Will anybody answer my question? Especially Roman?
Hi
is it possible to enable remote execution (rexec) of xterm from a pc-x emulation (SCO XVision 7.31) on SuSE 7.0? All I get is a "connection refused" message. I have to connect to Linux via ascii-telnet and start xterm from the telnet session. I don't want to start a full X session via xdm/kdm (which works) but only a few xterms separately. Is there a way to start xterm directly via rexec?
Regards
M. Rauter
Hello
Michael Rauter wrote:
is it possible to enable remote execution (rexec) of xterm from a pc-x emulation (SCO XVision 7.31) on SuSE 7.0? All I get is a "connection refused" message. I have to connect to Linux via ascii-telnet and start xterm from the telnet session. I don't want to start a full X session via xdm/kdm (which works) but only a few xterms separately.
Is there a way to start xterm directly via rexec?
On the SuSE box you must uncomment the following line in /etc/inetd.conf:
# exec stream tcp nowait root /usr/sbin/tcpd in.rexecd
I don't know how it is with SCO XVision 7.31 but with StarNet X-Win32 there is an option rexec in the session editing and there you put in a line like:
/bin/X11/xterm -display pc:0.0
Michael Blaesse
Hi there,
I am subscribed to this list, and keep receiving all the messages twice. I have unsubscribed and resubscribed, and the same problem occurs. Bizarrely, it does not occur with the suse-linux-e list. Is this happening to anyone else?
Regards,
Iain Gray
Hi Iain!
From: Iain Gray [mailto:iain.gray@nexusdata.co.uk] it does not occur with the suse-linux-e list. Is this happening to anyone else?
Strange how it is, the same thing happens to me. But only for certain mails, not for all of them.
"Michael Rauter"
Hi
is it possible to enable remote execution (rexec) of xterm from a pc-x emulation (SCO XVision 7.31) on SuSE 7.0? All I get is a "connection refused" message. I have to connect to Linux via ascii-telnet and start xterm from the telnet session. I don't want to start a full X session via xdm/kdm (which works) but only a few xterms separately.
Is there a way to start xterm directly via rexec?
I would never activate r-daemons - you can do that using sshd on your SuSE box if you have ssh on your pc-x:
ssh -f name_of_SuSE_box "xterm -display pc-x:0.0"
HTH
Martin
--
martin.peikert@innominate.com
innominate AG the linux architects
tel: +49-30-308806-0 fax: -77
http://www.innominate.com
On Thu, Mar 08, 2001 at 12:10 +0000, Martin Peikert wrote:
I would never activate r-daemons - you can do that using sshd on your SuSE box if you have ssh on your pc-x:
ssh -f name_of_SuSE_box "xterm -display pc-x:0.0"
                               ^^^^^^^^^^^^^^^^^
Doesn't the ssh program suite forward X by itself if you ask it to? This would save you from memorizing these details. Just state "start the X app there" ...
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
participants (9)
- Andreas Achtzehn
- Christian Boxhammer
- Gerhard Sittig
- Iain Gray
- Martin Peikert
- Michael Blaesse
- Michael Rauter
- Murat Koc
- Roman Drahtmueller