System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

warning: can't get client address: Connection reset by peer

 
SOLVED
Go to solution
KathyK
Regular Advisor

warning: can't get client address: Connection reset by peer

Hi everyone,

We have our ftp server running Red Hat Enterprise Linux Server release 5.2

I have noticed the following warnings in the /var/log/message file:


Apr 7 17:31:52 snmpd[2206]: Connection from UDP: [xxx.xx.xx.xxx]:3879
Apr 7 17:31:54 last message repeated 6 times
Apr 7 17:32:03 vsftpd[2403]: warning: can't get client address: Connection reset by peer
Apr 7 17:32:07 vsftpd[2404]: warning: can't get client address: Connection reset by peer
Apr 7 17:32:14 snmpd[2206]: Connection from UDP: [xxx.xx.xx.xxx]:3879
Apr 7 17:32:16 last message repeated 8 times
Apr 7 17:32:33 vsftpd[2405]: warning: can't get client address: Connection reset by peer
Apr 7 17:32:37 vsftpd[2406]: warning: can't get client address: Connection reset by peer
Apr 7 17:33:03 vsftpd[2409]: warning: can't get client address: Connection reset by peer
Apr 7 17:33:07 vsftpd[2410]: warning: can't get client address: Connection reset by peer



Any ideas anyone?

all replies are greatly appreciated.


Regards,
Kathy
3 REPLIES
savus
Advisor
Solution

Re: warning: can't get client address: Connection reset by peer

Hello Kathy,

I think that someone is scanning your server for vulnerabilitys, using a tool like nessus or sending "custom packets".

Regrads,
Stefan
Frank de Vries
Respected Contributor

Re: warning: can't get client address: Connection reset by peer

Can you give the contents of your conf file
e.g.
/etc/xinetd.d/tftpd

service tftp
{
protocol = udp
socket_type = dgram
wait = yes
user = root
server = /usr/sbin/in.tftpd
server_args = -s /tftpboot
disable = no
}

Then verify perms:

Quote:
$chmod -R 777 /tftpboot
$chown -R nobody /tftpboot

Then restart:

Quote:
service xinetd restart

Now, test that its running:

Quote:
ps -aux | grep ftp
netstat -l -u | grep ftp

Create a test-file:

Quote:
touch /tftpboot/foo

Attempt to grab it:

Quote:
tftp localhost
tftp> get foo
tftp> quit
$ls -l foo

Then try using IP:

Quote:
tftp IP.ADD.RE.SS
tftp> get foo
tftp> quit

How does that go?
Look before you leap
KathyK
Regular Advisor

Re: warning: can't get client address: Connection reset by peer

Thank you Stefan and Frank,
true it is a case of unauthorized user trying to access the server. I was just informed that since it's reverse ip lookup it's not as critical.

thanks again
kathy