- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Am I being hacked?
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2002 09:11 AM
09-26-2002 09:11 AM
Sep 26 11:46:16 potter telnetd[29451]: getpid: peer died: Error 0
It looks like some process is trying to login. How can I track down where it's coming from?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2002 09:24 AM
09-26-2002 09:24 AM
SolutionNo, this is indicative of a telnet session starting & then dying.
Reasons could be:
A) Network trouble
B) Firewall terminating the session
C) Remote session closing abnormally
D) Bad TCP protocol usage on the remote side (MicroSoft!)
To gain more connection info, stop & start inetd with the -l (ell) option & it'll log greater connection info. Be advised that if you have a lot of TCP connections you can grow the /var/adm/syslog/syslog.log file quickly.
HTH,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2002 09:29 AM
09-26-2002 09:29 AM
Re: Am I being hacked?
As Jeff mentioned, it was because the client died abruptly.
Run inetd with -l option so that you can see all the connection information. "inetd -l" will enable you to see the information right on from that point.
29451 is the pid of telnetd connection. So, you can search for 29451 and you would see a line "connection from xx.xx.xx.xx" initially associated with the telnetd process in syslog.log
-Sri
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-26-2002 09:44 AM
09-26-2002 09:44 AM
Re: Am I being hacked?
This is most likely a client losing connectivity during a telent session.
You can increase logging of the inet daemon but restarting it with the '-l' option.
That will give you the info to determine where the session is coming from.
Sean
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2002 05:05 AM
09-27-2002 05:05 AM
Re: Am I being hacked?
I've asked HP's telnetd code owners to replace this message with a clearer and less frightening one.
This is nothing at all to worry about. It almost certainly just means that someone terminated a connection in a very ungraceful manner. For example, if a PC had a DOS window opened, someone ran telnet to HP-UX, then clicked the 'X' of the window to close the window without typing 'quit' to telnet first, the telnet session would die without doing a proper termination handshake with telnetd first. HP-UX would note this event by generating the message you show above. Ugly, but not dangerous or anything you have to take action about.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2002 05:09 AM
09-27-2002 05:09 AM
Re: Am I being hacked?
Further to what has alreday been said, this can be a user education problem and windows telnet sessions.
User love to click the "X" to exit instead of exiting correctly from the uxix server and when they do this the "peer died" entry in syslog.log is created.
HTH
Paula
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2002 06:52 AM
09-27-2002 06:52 AM
Re: Am I being hacked?
live free or die
harry
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2002 08:25 AM
09-27-2002 08:25 AM
Re: Am I being hacked?
This message just pertains to when telnet sessions die abruptly or someone just closes their telnet session without logging out.
You are not being hacked.
:-)
Regards,
Anil
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-27-2002 08:31 AM
09-27-2002 08:31 AM
Re: Am I being hacked?
pass in quick log proto tcp from any to `hostname`/32 port = 23 keep state
GL,
C