Skip site navigation (1)Skip section navigation (2)
Date:      	Wed, 15 May 1996 16:20:18 -0700 (PDT)
From:      Tom Samplonius <tom@uniserve.com>
To:        Darren Reed <avalon@coombs.anu.edu.au>
Cc:        Thomas J Balfe <tbalfe@tioga.com>, freebsd-security@freebsd.org
Subject:   Re: anyone ever get this message?
Message-ID:  <Pine.BSF.3.91.960515161622.1373E-100000@haven.uniserve.com>
In-Reply-To: <199605131442.HAA24954@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help

On Tue, 14 May 1996, Darren Reed wrote:

> In some mail from Thomas J Balfe, sie said:
> > 
> > May 13 06:22:39 falcon in.identd[2686]: warning: can't get client 
> > address: Socket is not connected
> > May 13 06:22:39 falcon in.identd[2686]: connect from unknown
> 
> Looks like a half-open port scan.

  No, inetd wouldn't spawn idnetd unless the socket was open.

> Linux does similar and on BSD tcp wrappers, for the most part, don't pick
> them up.
> 
> Unless you have something recording packets, you'll never see the source
> address (connection is closed before accept can work).

  Here's problably what happens:

  - you iniatate connect to some server
  - server sends ident query
  - you close you connect to server
  - ident query arrives but socket doesn't exist


Tom



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960515161622.1373E-100000>