SUMMARY: rusersd/rpc/udp server failing (looping), service terminated

From: James Pearson (jcpearso@ps.ucl.ac.uk)
Date: Tue Nov 16 1993 - 04:13:43 CST


Previously I asked:

>Just before 2pm today all the Suns on my network gave the above
>message. Any subsequent attempt to use rusers fails with an
>"RPC: Program not registered" message.
>
>The problem can be solved by sending a SIGHUP to inetd on the Suns, but
>this is the second time this has happened, so does anyone know what could be
>causing this problem? All the Suns are running 4.1.3.

Apparently this message is generated by inetd if it receives more than
a certain number of rusers requests in a given time. It's not a bug, but a
safety feature - presumably to prevent a machine from being brought to its
knees by a remote process that has gone berserk.

I was able to confirm this by blasting one of my machines with rusers
requests.

There is a patch (or undocumented options?) that increases the number of
allowed requests to inetd.

One respondent suggested it may be a sign of hacker activity, where
someone deliberately "terminates" services to try and hide what they're
doing. It was suggested I install "securelib" from eecs.nwu.edu to
control which hosts have access to these services.

However, seeing that 3 of my users reported the problem within 15
minutes, I guess I'm suffering from local rusers junkies.

Thanks to:

tkevans@neptune.es.dupont.com (Tim Evans)
miguel@dt.fee.unicamp.br (Miguel A. Rozsas)
symanski@gold.nosc.mil (Jerry Symanski)
mharris@jpmorgan.com (Michael Harris)
John.Murray@Germany.EU.net (John Murray)
dennett@Kodak.COM (Charles R. Dennett)

James Pearson
+------------------------------------------------------------------------+
Dept. Photogrammetry & Surveying INTERNET: j.pearson@ps.ucl.ac.uk
University College London JANET: j.pearson@uk.ac.ucl.ps
Gower Street
London WC1E 6BT
England

P.S. I have not yet received, via sun-managers, a copy of my original
message, but I have seen up to three copies of other postings. Is anyone
else having similar problems?
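
Added example (not part of the original post, and not SunOS source): a small C model of the kind of per-service request counter the summary describes, showing why a burst trips the limit while the same number of requests spread out does not, and what the SIGHUP clears. The limits TOOMANY and CNT_INTVL and all function names are assumptions for illustration; the post does not give the SunOS 4.1.3 values.

```c
#include <stdio.h>
#include <time.h>

/* Assumed limits; the post does not state the values used by SunOS 4.1.3. */
#define TOOMANY   40    /* requests tolerated per window */
#define CNT_INTVL 60    /* window length in seconds */

struct service {
    const char *name;
    int count;            /* requests counted in the current window */
    time_t window_start;  /* time of the first request in the window */
    int terminated;       /* 1 once the service has been shut off */
};

/* Account for one request at time `now`.
 * Returns 1 if the server would be started, 0 if the service is terminated. */
int on_request(struct service *s, time_t now)
{
    if (s->terminated)
        return 0;
    if (s->count++ == 0) {
        s->window_start = now;
    } else if (s->count >= TOOMANY) {
        if (now - s->window_start > CNT_INTVL) {
            s->window_start = now;   /* slow enough: start a new window */
            s->count = 1;
        } else {
            fprintf(stderr, "%s server failing (looping), service terminated\n",
                    s->name);
            s->terminated = 1;       /* later clients see "not registered" */
            return 0;
        }
    }
    return 1;
}

/* Models the workaround in the post: SIGHUP re-enables the service. */
void on_sighup(struct service *s) { s->count = 0; s->terminated = 0; }

/* Feed n requests spaced `gap` seconds apart; return how many were served. */
int simulate(struct service *s, int n, int gap)
{
    int served = 0;
    time_t t = 0;
    for (int i = 0; i < n; i++, t += gap)
        served += on_request(s, t);
    return served;
}
```

With these assumed limits, 100 requests one second apart are cut off after 39, while 100 requests two seconds apart are all served.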


