On Wed, 24 Oct 2001, Randall Gellens wrote: > >Why, according to LIDS, is popper (4.0.3) trying to bind to these ports? > > It wouldn't, out of the box. If it appears to be, then perhaps there > is an inetd entry for them?
root@mail1:~# grep -v "^#" /etc/inetd.conf | grep -v "^$" pop3 stream tcp nowait.500 root /usr/sbin/tcpd /usr/local/sbin/popper -cRs auth stream tcp wait nobody /usr/sbin/in.identd in.identd -P/dev/null The message I'm getting from lids is that popper itself was trying to bind to the ports, not inetd... Hmmm... Since then it's shown 759 & 760, 778 & 779, 829 & 830, and so on. Always two, always two in a row. LIDS 1.0.16, kernel 2.4.10 Oct 26 09:00:24 mail popper[14015]: connect from 1.2.3.4 Oct 26 09:00:25 mail kernel: LIDS: popper (3 2 inode 576791) pid 14015 ppid 64 user (2116/12) on NULL tty: try to bind to port 623 Oct 26 09:00:25 mail kernel: LIDS: popper (3 2 inode 576791) pid 14015 ppid 64 user (2116/12) on NULL tty: more try to bind to port 624,logging disabled for 60 seconds Oct 26 09:00:25 mail popper[14015]: [drac]: login by janedoe from host 1.2.3.4 (1.2.3.4) Oct 26 09:00:25 mail popper[14015]: Stats: janedoe 0 0 0 0 1.2.3.4 (1.2.3.4) The user's pop3 session works just fine. I forgot about drac - think it's the culprit? tcp 0 0 0.0.0.0:900 0.0.0.0:* LISTEN 297/rpc.dracd udp 0 0 0.0.0.0:898 0.0.0.0:* 297/rpc.dracd Thanks, Jason -- Jason Englander <[EMAIL PROTECTED]> Systems Administrator - FiberCity Networks PGP Key: http://www.fiber-city.com/~jason/pgpkey.txt
