Pere Camps <[EMAIL PROTECTED]> writes:
> Hi!
>
> Can somebody explain to me what this is?
>
> Dec 7 13:52:11 casal in.telnetd[27798]: warning: can't get client address:
> No route to host
> Dec 7 13:52:12 casal in.telnetd[27798]: refused connect from unknown
>
> If my machine has a telnet request, then my machine knows the IP
> (at least) of the machine which requests it, no?

No - not if the person connecting disconnects almost instantly; what can happen is that if the person in question opens and then closes a connection almost instantly, the connection goes to inetd, which accepts it, but before tcpd (which is what inetd hands telnet connections off to, and which is the program generating these log messages) gets the connection and finds out who's on the other end, the connection is closed, and tcpd is left without a clue, hence the confusing error messages. This is usually done as part of a port scan - testing to see which ports are accessible on your machine.

There ought to be an option to inetd to log all tcp connections before passing them off to something else to handle, but I can see how that could get to be a hassle on a busy machine. On the other hand, services which are not run from inetd - for example, apache on most machines - will know where this connection was coming from, and many port scans hit port 80 as well as port 23.

I seem to remember some program that monitored every individual incoming network packet and logged warning messages about suspicious packets - I suppose someone will know how to do this with ipchains or ip firewalling stuff.
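
An added example, not part of the original message: a log check that pairs the tcpd warning with the refusal from the same wrapped process and flags bursts that touch several inetd services at once. The function names, the 5-second window, the two-service threshold and every sample line after the first two (which restate the quoted messages on one line each) are assumptions made for illustration.

```python
import re

# Constructed sample: the first two lines mirror the messages quoted above,
# the rest are made-up entries in the same tcpd/syslog format.
SAMPLE_LOG = """\
Dec  7 13:52:11 casal in.telnetd[27798]: warning: can't get client address: No route to host
Dec  7 13:52:12 casal in.telnetd[27798]: refused connect from unknown
Dec  7 13:52:12 casal in.ftpd[27801]: warning: can't get client address: Connection reset by peer
Dec  7 13:52:12 casal in.ftpd[27801]: refused connect from unknown
Dec  7 13:55:40 casal in.telnetd[27850]: connect from 192.0.2.10
Dec  7 14:03:02 casal in.fingerd[27902]: refused connect from unknown
"""

LINE = re.compile(r"^(\w{3}\s+\d+) (\d\d):(\d\d):(\d\d) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
NO_PEER = "warning: can't get client address: "

def find_vanished_peers(log_text):
    """One record per wrapped process that logged the warning, then the refusal."""
    pending, hits = {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        day, hh, mm, ss, host, daemon, pid, msg = m.groups()
        key = (host, daemon, pid)
        if msg.startswith(NO_PEER):
            pending[key] = msg[len(NO_PEER):]   # remember the errno text
        elif msg == "refused connect from unknown" and key in pending:
            second = int(hh) * 3600 + int(mm) * 60 + int(ss)
            hits.append({"day": day, "second": second, "service": daemon,
                         "pid": int(pid), "errno_text": pending.pop(key)})
    return hits

def likely_scans(hits, window=5, min_services=2):
    """Service sets hit within `window` seconds of a group's first record."""
    groups, current = [], []
    for h in sorted(hits, key=lambda h: (h["day"], h["second"])):
        if current and (h["day"] != current[0]["day"]
                        or h["second"] - current[0]["second"] > window):
            groups.append(current)
            current = []
        current.append(h)
    if current:
        groups.append(current)
    return [sorted({h["service"] for h in g}) for g in groups
            if len({h["service"] for h in g}) >= min_services]

if __name__ == "__main__":
    print(likely_scans(find_vanished_peers(SAMPLE_LOG)))
```

A refusal with no preceding warning from the same PID (the constructed `in.fingerd` line) is left out, since only the warning shows that the peer address could not be read.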