- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Error messages in syslog
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-21-2003 02:20 AM
тАО02-21-2003 02:20 AM
Error messages in syslog
rlogind[15726]: Connection from xxx.xx.xx.xx on illegal port.
I have checked the knowledge base but have not come up with an answer. Can anybody help
Thanks in advance
Charles Campbell
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-21-2003 02:30 AM
тАО02-21-2003 02:30 AM
Re: Error messages in syslog
Are you using rlogin through the GSP port of your system ?
This could cause this issue.
Also specific firewall rules could cause this.
C.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-21-2003 02:32 AM
тАО02-21-2003 02:32 AM
Re: Error messages in syslog
Do you have a firewall
Some like the eagle raptor can give this
Steve Steel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-21-2003 02:51 AM
тАО02-21-2003 02:51 AM
Re: Error messages in syslog
This error is logged if the remote client has selected it's source port as unprivileged port
i.e >1024
This may occur in case of normals users connecting to server or using non-unix rlogin clients or attack attempt
.
regards,
U.SivaKumar
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-21-2003 02:53 AM
тАО02-21-2003 02:53 AM
Re: Error messages in syslog
look for ftp logins in your syslog,
take a look at next text
What does "500 Illegal PORT Command" mean?
The "Illegal PORT Command" error message is coming from your FTP client. I don't know what it is expecting or what's wrong with what it's hearing. Is this FWTK 2.1? Perhaps you're using one of the older versions of FWTK that sent the PORT command as two separate write() operations - some FTP clients expect to see the PORT and terminating cr/lf in a single packet.
Hope it helps,
Robert-Jan.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-21-2003 11:06 AM
тАО02-21-2003 11:06 AM
Re: Error messages in syslog
the one in there named ftpd can have -l command added for better logging.
save the file
inetd -c to reload, you get better ftp logging.
For security reasons, I recommend dropping the Berkely protocols (rlogin), by commenting them out of inetd.conf
They can be replaced with secure shell, link and setup doc attached.
https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=T1471AA&date=
You might want to consider the next two links. Security hardening tool, Bastille, ported from Linux and a real time saver.
https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6849AA&date=
Another handy tool is Security patch check.
link:https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6834AA&date=
Good luck and stop using the Berkely protocols, which transmit passwords around in clear text. Secure shell totally and securely replaces those tools. They are available on the PC as well.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-24-2003 07:49 AM
тАО02-24-2003 07:49 AM
Re: Error messages in syslog
Thanks for the response. Further down the syslog log file the following apprears
Jan 27 02:21:27 server ftpd[15739]: FTP session closed
Jan 27 02:21:28 server ftpd[15741]: FTP session closed
Jan 27 02:21:33
Jan 27 02:31:22 serve tftpd[15736]: Timeout (no requests in 10 minutes)
Jan 27 02:36:15 server ftpd[15721]: exiting on signal 14
The host name listed is on our internal lan and the server is behind a firewall.
I am also getting bootp requests but do not have DHCP set-up on our network.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-24-2003 07:56 AM
тАО02-24-2003 07:56 AM
Re: Error messages in syslog
To get rid of the bootp requests - comment out
#tftp .....
#bootps .....
in /etc/inetd.conf & run
inetd -c
You're system will no longer accept & log these connection attempts.
HTH,
Jeff