(late) SUMMARY:my inted "forgets" its inetd.conf

From: Bernt Christandl (bernt.christandl@munich-airport.de)
Date: Wed Jul 28 1999 - 02:03:49 CDT

Hello managers,

my original question is at the end, in short my problem is/was
that from time to time on an unpredictable machine the r*-services
are not working...

I had some responses from the list suggesting the use of "snoop"
and/or "truss" to find out more about this behaviour, but i wasn't able
to learn something useful.

Then a mail from Sun came in and explains a possible reason for this.
(It was in german and so i have to sum it up...)

The idea is to make the system somehow safer against denial-of-service
attacks. For this reason the inetd counts the number of requests per time
and service and "believes" that there is an attack or the daemon for a
service is unavailable, if this number grows bigger than a customizable
value. And then the inetd disables that service for 10 minutes. After
that time - or after a "kill -HUP" it enables the service again.

This will be logged normally in /var/adm/messages as
`server failing (looping), service terminated'

See "man inetd" for details. The option for that value is "-r" and
as an example: "-r 40 60" (which is the default)
means that 40 request within 60 seconds will be the threshold-value.

I have had no time yet to verify that this is the cause of my problem,
but at least it describes a possible "picture" and since we don't
explicitly use that "-r" option, the default seems to be "reachable"
for me in our installation...

With regards,

Bernt Christandl <Bernt.Christandl@munich-airport.de>


My original question:
Hello managers,

i have a strange problem here.

We have several dozens sparcs and ultras around under 4.1.4, 2.5.1 and 2.6,
which are configured to allow rpc's to/from one special machine.
(backup, system management, ...)

Now i have the problem from time to time that on one or more machines
i "see" the error "Connection timed out", while the machine(s) are still
up and running. I can't do a "rsh <host> date", but i can do a telnet
to those machines and then a "kill -HUP <pid_of_inetd>".

Then i can do rpc's like "rsh <host> date" again...

The machines where this happens are NOT always the same few...

Do my inetd's suffer from "Alzheimer"? Or did i miss something?

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:24 CDT