auth/tcp server failing (looping), service terminated
Here’s an interesting message I found in my logs:inetd[128]: auth/tcp server failing (looping), service terminated
I had no idea what it meant. But if you read man inetd, it explains it:
service/protocol server failing (looping), service terminated. The number of requests for the specified service in the past minute ex- ceeded the limit. The limit exists to prevent a broken program or a ma- licious user from swamping the system. This message may occur for sever- al reasons:
1. There are many hosts requesting the service within a short time period.
2. A broken client program is requesting the service too fre- quently.
3. A malicious user is running a program to invoke the service in a denial-of-service attack.
4. The invoked service program has an error that causes clients to retry quickly.
Use the -R rate option, as described above, to change the rate limit. Once the limit is reached, the service will be reenabled automatically in 10 minutes.
Essentially, inetd is getting more requests for the auth service than it has been told to handle. The auth service is handled by identd on my box.
Changing the configuration
I looked in /etc/defaults/rc.conf to see if I could find something related to inetd. I did:# grep inetd /etc/defaults/rc.conf inetd_enable="YES" # Run the network daemon dispatcher (or NO). inetd_flags="-wW" # Optional flags to inetd
So I added this to /etc/rc.conf:
inetd_flags="-wW -R 1024" # Optional flags to inetd
Note that you should not modify /etc/defaults/rc.conf.
Why the problem occurred
I noticed that the problem was occuring during times of mailing list activity. When the mail server was going flat-out trying to deliver mail, the error message would occur. The following command would show all identd requests:tcpdump -i ed0 port 113
This command shows me the ongoing mail log:
tail -F /var/log/maillog
I could easily see that when the mail messages started flowing, the auth requests started as well. That’s normal. Most mail servers act that way. They use auth as part of the security check.
What didn’t work
This bit didn’t work. Don’t do this.Then I hup’d inetd:
killall -hup inetd
But after about ten minutes, the problem returned.
This did work
I killed inetd:killall -term inetd
Then I started inetd using the same flags from /etc/rc.conf:
/usr/sbin/inetd -wW -R 1024
The problem did not recur. Yea team!
Can someone tell me how to rate limit my ethernet port under FreeBSD 4.3?
Cheers,
Brad
How is that relating to this article? Perhaps you should be posting that in the <A HREF="/phorum/list.php?f=1">main phorum</A>.