Date: Wed, 15 May 1996 16:20:18 -0700 (PDT) From: Tom Samplonius <tom@uniserve.com> To: Darren Reed <avalon@coombs.anu.edu.au> Cc: Thomas J Balfe <tbalfe@tioga.com>, freebsd-security@freebsd.org Subject: Re: anyone ever get this message? Message-ID: <Pine.BSF.3.91.960515161622.1373E-100000@haven.uniserve.com> In-Reply-To: <199605131442.HAA24954@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 14 May 1996, Darren Reed wrote: > In some mail from Thomas J Balfe, sie said: > > > > May 13 06:22:39 falcon in.identd[2686]: warning: can't get client > > address: Socket is not connected > > May 13 06:22:39 falcon in.identd[2686]: connect from unknown > > Looks like a half-open port scan. No, inetd wouldn't spawn idnetd unless the socket was open. > Linux does similar and on BSD tcp wrappers, for the most part, don't pick > them up. > > Unless you have something recording packets, you'll never see the source > address (connection is closed before accept can work). Here's problably what happens: - you iniatate connect to some server - server sends ident query - you close you connect to server - ident query arrives but socket doesn't exist Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.960515161622.1373E-100000>