Jul 29 2000

auth/tcp server failing (looping), service terminated

Here’s an interesting message I found in my logs:
inetd[128]: auth/tcp server failing (looping), service terminated

I had no idea what it meant.  But if you read man inetd, it explains it:

service/protocol server failing (looping), service terminated. The number of requests for the specified service in the past minute exceeded the limit. The limit exists to prevent a broken program or a malicious user from swamping the system. This message may occur for several reasons:

1. There are many hosts requesting the service within a short time period.

2. A broken client program is requesting the service too frequently.

3. A malicious user is running a program to invoke the service in a denial-of-service attack.

4. The invoked service program has an error that causes clients to retry quickly.

Use the -R rate option, as described above, to change the rate limit. Once the limit is reached, the service will be reenabled automatically in 10 minutes.

Essentially, inetd is getting more requests for the auth service than it has been told to handle.  The auth service is handled by identd on my box.

Changing the configuration

I looked in /etc/defaults/rc.conf to see if I could find something related to inetd.  I did:
# grep inetd /etc/defaults/rc.conf
inetd_enable="YES"       # Run the network daemon dispatcher (or NO).
inetd_flags="-wW"        # Optional flags to inetd

So I added this to /etc/rc.conf:

inetd_flags="-wW -R 1024"        # Optional flags to inetd

Note that you should not modify /etc/defaults/rc.conf.

Why the problem occurred

I noticed that the problem was occurring during times of mailing list activity.  When the mail server was going flat-out trying to deliver mail, the error message would occur.  The following command would show all identd requests:
tcpdump -i ed0 port 113

This command shows me the ongoing mail log:

tail -F /var/log/maillog

I could easily see that when the mail messages started flowing, the auth requests started as well.  That’s normal.  Most mail servers act that way.  They use auth as part of the security check.
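To choose a value for -R from measured load rather than a guess, the tcpdump output above can be bucketed into new auth connections per minute. This is an added example, not part of the original post; it assumes tcpdump is run with -n and prints the current text layout ("Flags [S]" for an initial SYN), and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-minute count of new connections to the auth port (113),
# read from `tcpdump -n` text output on stdin.
# Assumed line layout: "HH:MM:SS.frac IP src.port > dst.113: Flags [S], ..."

# Print "HH:MM count" for each clock minute, counting only initial SYNs
# (Flags [S]) addressed to port 113, so replies and data packets are ignored.
auth_per_minute() {
    awk '
        $2 == "IP" && $4 == ">" && $5 ~ /\.113:$/ && $6 == "Flags" && $7 == "[S]," {
            minute = substr($1, 1, 5)
            if (!(minute in n)) order[++k] = minute
            n[minute]++
        }
        END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }
    '
}

# Print the minutes whose count exceeds the limit given as $1.
# inetd counts "the past minute"; clock-minute buckets are an approximation.
over_limit() {
    auth_per_minute | awk -v limit="$1" '$2 > limit { print $1, $2 }'
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
10:15:58.100000 IP 192.0.2.10.40001 > 198.51.100.5.113: Flags [S], seq 1, win 65535, length 0
10:15:58.100300 IP 198.51.100.5.113 > 192.0.2.10.40001: Flags [S.], seq 9, ack 2, win 65535, length 0
10:16:01.200000 IP 192.0.2.11.40002 > 198.51.100.5.113: Flags [S], seq 1, win 65535, length 0
10:16:02.300000 IP 192.0.2.12.40003 > 198.51.100.5.113: Flags [S], seq 1, win 65535, length 0
10:16:02.300900 IP 192.0.2.12.40003 > 198.51.100.5.113: Flags [.], ack 1, win 65535, length 0
10:16:40.000000 IP 192.0.2.13.40004 > 198.51.100.5.113: Flags [S], seq 1, win 65535, length 0
10:17:05.000000 IP 192.0.2.10.40005 > 198.51.100.5.25: Flags [S], seq 1, win 65535, length 0
EOF
}

# Demo on the constructed capture; for live use, pipe tcpdump -n output in.
sample_capture | auth_per_minute
```

A peak that sits well above what the mail traffic in /var/log/maillog accounts for points at reasons 2 to 4 in the man page rather than at a limit that is merely too low.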

What didn’t work

This bit didn’t work.  Don’t do this.

Then I hup’d inetd:

killall -hup inetd

But after about ten minutes, the problem returned.

This did work

I killed inetd:
killall -term inetd

Then I started inetd using the same flags from /etc/rc.conf:

/usr/sbin/inetd -wW -R 1024

The problem did not recur.  Yea team!

  2 Responses to “auth/tcp server failing (looping), service terminated”

  1. Can someone tell me how to rate limit my ethernet port under FreeBSD 4.3?