From owner-freebsd-questions  Thu Nov 12 11:21:54 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id LAA10983
          for freebsd-questions-outgoing; Thu, 12 Nov 1998 11:21:54 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from luomat.peak.org (port-15-ts2-gnv.da.fdt.net [209.212.132.46])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id LAA10978
          for <freebsd-questions@FreeBSD.ORG>; Thu, 12 Nov 1998 11:21:48 -0800 (PST)
          (envelope-from luomat@luomat.peak.org)
Message-Id: <199811120600.BAA28141@ocalhost>
Content-Type: text/plain
MIME-Version: 1.0
In-Reply-To: <Pine.BSF.4.05.9811091702040.7148-100000@zeus.tds.edu>
From: Timothy J Luoma <public+FreeBSD@fdt.net>
Date: Thu, 12 Nov 1998 01:00:12 -0500
To: Willow <willow@tds.edu>
Subject: Re: tcpd
cc: freebsd-questions@FreeBSD.ORG
References: <Pine.BSF.4.05.9811091702040.7148-100000@zeus.tds.edu>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

	Author:	Willow <willow@tds.edu>
	Date:	Mon, 9 Nov 1998 17:06:27 -0500 (EST)
	ID:	<Pine.BSF.4.05.9811091702040.7148-100000@zeus.tds.edu>

> After reconfiguring my /etc/inetd.conf file to make use of tcp_wrappers
> (tcpd) I get the following every once and awhile in /var/log/messages and
> to /dev/console:
>
> identd[pid]: warning: can't get client address: socket is not connected

I believe this usually indicates you have been hit by a port-scanner that  
only opened the connection part-way so-as to avoid detection (ie you didn't  
get the remote IP, etc)

TjL

ps -- tcpdump often gets connections that tcpd does not, IME



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message