Error messages in syslog

Charles Campbell
Occasional Visitor

Error messages in syslog

At regular intervals I get the following message in my syslog log file:
rlogind[15726]: Connection from xxx.xx.xx.xx on illegal port.

I have checked the knowledge base but have not come up with an answer. Can anybody help?

Thanks in advance
Charles Campbell
7 REPLIES
Clemens van Everdingen
Honored Contributor

Re: Error messages in syslog

Hi,

Are you using rlogin through the GSP port of your system?

This could cause this issue.
Also specific firewall rules could cause this.

C.
The computer is a great invention, there are as many mistakes as ever, but they are nobody's fault !
Steve Steel
Honored Contributor

Re: Error messages in syslog

Hi

Do you have a firewall?

Some like the eagle raptor can give this


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
U.SivaKumar_2
Honored Contributor

Re: Error messages in syslog

Hi,

This error is logged if the remote client has selected its source port as an unprivileged port,
i.e. >1024.

This may occur in the case of normal users connecting to the server, or using non-unix rlogin clients, or an attack attempt.

regards,

U.SivaKumar
Innovations are made when conventions are broken
Robert-Jan Goossens
Honored Contributor

Re: Error messages in syslog

Hi,

look for ftp logins in your syslog,

take a look at next text

What does "500 Illegal PORT Command" mean?
The "Illegal PORT Command" error message is coming from your FTP client. I don't know what it is expecting or what's wrong with what it's hearing. Is this FWTK 2.1? Perhaps you're using one of the older versions of FWTK that sent the PORT command as two separate write() operations - some FTP clients expect to see the PORT and terminating cr/lf in a single packet.

Hope it helps,

Robert-Jan.
Steven E. Protter
Exalted Contributor

Re: Error messages in syslog

Might want to update logging on certain /etc/inetd.conf daemons.

the one in there named ftpd can have -l command added for better logging.

save the file

inetd -c to reload, you get better ftp logging.

For security reasons, I recommend dropping the Berkeley protocols (rlogin), by commenting them out of inetd.conf

They can be replaced with secure shell, link and setup doc attached.
https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=T1471AA&date=

You might want to consider the next two links. Security hardening tool, Bastille, ported from Linux and a real time saver.

https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6849AA&date=

Another handy tool is Security patch check.
link: https://payment.ecommerce.hp.com/cgi-bin/swdepot_parser.cgi/cgi/try.pl?productNumber=B6834AA&date=

Good luck and stop using the Berkeley protocols, which transmit passwords around in clear text. Secure shell totally and securely replaces those tools. They are available on the PC as well.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Charles Campbell
Occasional Visitor

Re: Error messages in syslog

Hi all,

Thanks for the response. Further down the syslog log file the following appears:

Jan 27 02:21:27 server ftpd[15739]: FTP session closed
Jan 27 02:21:28 server ftpd[15741]: FTP session closed
Jan 27 02:21:33
Jan 27 02:31:22 serve tftpd[15736]: Timeout (no requests in 10 minutes)
Jan 27 02:36:15 server ftpd[15721]: exiting on signal 14


The host name listed is on our internal lan and the server is behind a firewall.

I am also getting bootp requests but do not have DHCP set-up on our network.
Jeff Schussele
Honored Contributor

Re: Error messages in syslog

Hi Charles,

To get rid of the bootp requests - comment out
#tftp .....
#bootps .....
in /etc/inetd.conf & run
inetd -c

Your system will no longer accept & log these connection attempts.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
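
The inetd.conf changes suggested in the replies above (comment out the Berkeley r-services, tftp and bootps; start ftpd with -l) can be checked with a short script. This is an added example, not part of any reply in the thread and not an HP tool. The function names and the sample file are constructed for illustration, and it assumes the usual /etc/services names login, shell and exec for the r-services.

```shell
#!/bin/sh
# Audit an inetd.conf for the entries discussed in this thread.
# Prints one finding per line in the form "<service>: <reason>".
audit_inetd() {
    awk '
        /^[ \t]*#/ || NF < 6 { next }   # skip commented-out, blank or short lines
        $1 == "login" || $1 == "shell" || $1 == "exec" {
            print $1 ": Berkeley r-service enabled (cleartext), replace with secure shell"
        }
        $1 == "tftp" || $1 == "bootps" {
            print $1 ": enabled, comment out if no boot service is intended"
        }
        $1 == "ftp" {
            logging = 0                 # look for -l among the daemon arguments
            for (i = 7; i <= NF; i++) if ($i ~ /^-[a-zA-Z]*l/) logging = 1
            if (!logging) print $1 ": ftpd started without -l (session logging)"
        }
    ' "$1"
}

# Constructed sample file (not taken from the poster's system).
make_sample() {
    f="${TMPDIR:-/tmp}/inetd.conf.sample.$$"
    cat > "$f" <<'EOF'
# constructed sample inetd.conf
ftp     stream tcp nowait root /usr/lbin/ftpd    ftpd
login   stream tcp nowait root /usr/lbin/rlogind rlogind
#shell  stream tcp nowait root /usr/lbin/remshd  remshd
#exec   stream tcp nowait root /usr/lbin/rexecd  rexecd
tftp    dgram  udp wait   root /usr/lbin/tftpd   tftpd
bootps  dgram  udp wait   root /usr/lbin/bootpd  bootpd
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample)
audit_inetd "$sample"    # on a real host: audit_inetd /etc/inetd.conf
rm -f "$sample"
```

After editing the real file, reload it with inetd -c as described in the replies and run the audit again; it should then print nothing for the services that were commented out.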