Mailinglist Archive: opensuse-security (220 mails)

< Previous Next >
tcpd problem
Hi to all,
I'm running a public server with SuSE 8.1 and I've recently discovered some
strange log entries (19:32:52 was the first time when this error occured):

Nov 28 19:32:52 ***** tcpd[18129]: warning: can't get client address: Socket
operation on non-socket
Nov 28 19:32:56 ***** last message repeated 3695 times
Nov 28 21:17:41 ***** tcpd[21930]: warning: can't get client address: Socket
operation on non-socket
Nov 28 21:17:43 ***** last message repeated 1445 times
Nov 28 21:28:32 ***** tcpd[22733]: warning: can't get client address: Socket
operation on non-socket
Nov 28 21:28:33 ***** last message repeated 1015 times

Therefore I searched the web for this error and found out that this might be
symptoms of a rootkit, so I ran chkrootkit but it didn't find any infected
files.
Now I've got two questions:
1) Is somebody scanning my machine for the mentioned rookit or trying to
break in?
2) How can I find out which application invokes tcpd (or vice versa) and
causes the error? (inetd definitely does not)

Regards Freddy


< Previous Next >
This Thread
  • No further messages