Hello managers,
my original question is at the end, in short my problem is/was
that from time to time on an unpredictable machine the r*-services
are not working...
I had some responses from the list suggesting the use of "snoop"
and/or "truss" to find out more about this behaviour, but i wasn't able
to learn something useful.
Then a mail from Sun came in and explains a possible reason for this.
(It was in german and so i have to sum it up...)
The idea is to make the system somehow safer against denial-of-service
attacks. For this reason the inetd counts the number of requests per time
and service and "believes" that there is an attack or the daemon for a
service is unavailable, if this number grows bigger than a customizable
value. And then the inetd disables that service for 10 minutes. After
that time - or after a "kill -HUP" it enables the service again.
This will be logged normally in /var/adm/messages as
`server failing (looping), service terminated'
See "man inetd" for details. The option for that value is "-r" and
as an example: "-r 40 60" (which is the default)
means that 40 request within 60 seconds will be the threshold-value.
I have had no time yet to verify that this is the cause of my problem,
but at least it describes a possible "picture" and since we don't
explicitly use that "-r" option, the default seems to be "reachable"
for me in our installation...
With regards,
Bernt Christandl <Bernt.Christandl@munich-airport.de>
--------------------------------------
My original question:
Hello managers,
i have a strange problem here.
We have several dozens sparcs and ultras around under 4.1.4, 2.5.1 and 2.6,
which are configured to allow rpc's to/from one special machine.
(backup, system management, ...)
Now i have the problem from time to time that on one or more machines
i "see" the error "Connection timed out", while the machine(s) are still
up and running. I can't do a "rsh <host> date", but i can do a telnet
to those machines and then a "kill -HUP <pid_of_inetd>".
Then i can do rpc's like "rsh <host> date" again...
The machines where this happens are NOT always the same few...
Do my inetd's suffer from "Alzheimer"? Or did i miss something?
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:24 CDT