auth/tcp server failing (looping), service terminated

Here’s an interesting message I found in my logs:

inetd[128]: auth/tcp server failing (looping), service terminated

I had no idea what it meant.  But if you read man inetd, it explains
it:

service/protocol server failing (looping), service terminated. The number of requests
for the specified service in the past minute exceeded the limit. The limit exists to
prevent a broken program or a malicious user from swamping the system. This message may
occur for several reasons:

1. There are many hosts requesting the service within a short time period.

2. A broken client program is requesting the service too frequently.

3. A malicious user is running a program to invoke the service in a denial-of-service
attack.

4. The invoked service program has an error that causes clients to retry quickly.

Use the -R rate option, as described above, to change the rate limit. Once the limit is
reached, the service will be reenabled automatically in 10 minutes.

Essentially, inetd is getting more requests for the auth service than it has
been told to handle.  The auth service is handled by identd on my box.

Changing the configuration

I looked in /etc/defaults/rc.conf to see if I could find
something related to inetd.  I did:

# grep inetd /etc/defaults/rc.conf
inetd_enable="YES"       # Run the network daemon dispatcher (or NO).
inetd_flags="-wW"        # Optional flags to inetd

So I added this to /etc/rc.conf:

inetd_flags="-wW -R 1024"        # Optional flags to inetd

Note that you should not modify /etc/defaults/rc.conf.

Why the problem occurred

I noticed that the problem was occurring during times of mailing list
activity.  When the mail server was going flat-out trying to deliver mail, the error
message would occur.  The following command would show all identd requests:

tcpdump -i ed0 port 113

This command shows me the ongoing mail log:

tail -F /var/log/maillog

I could easily see that when the mail messages started flowing, the auth requests
started as well.  That’s normal.  Most mail servers act that way.  They use
auth as part of the security check.
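
To see how a mail burst like this interacts with the limit, here is a simplified model of the behaviour the man page describes (count requests per minute, disable the service for 10 minutes once the limit is exceeded). It is an added example, not inetd's own code; the fixed-window counting, the sample traffic, and the lower limit of 256 used for comparison are assumptions.

```python
WINDOW = 60          # seconds: "requests ... in the past minute"
DISABLE = 10 * 60    # seconds: "reenabled automatically in 10 minutes"


def simulate(timestamps, limit):
    """Return (served, dropped, terminations) for sorted request times in seconds."""
    # Assumption: a fixed counting window that restarts once it is older
    # than WINDOW; inetd's internals may differ in detail.
    served = dropped = 0
    terminations = []            # times at which the service was disabled
    window_start, count = None, 0
    disabled_until = -1
    for t in timestamps:
        if t < disabled_until:
            dropped += 1         # service is off, the lookup goes unanswered
            continue
        if window_start is None or t - window_start > WINDOW:
            window_start, count = t, 0
        count += 1
        if count > limit:        # "server failing (looping), service terminated"
            terminations.append(t)
            disabled_until = t + DISABLE
            window_start, count = None, 0
            dropped += 1
            continue
        served += 1
    return served, dropped, terminations


def peak_per_minute(timestamps):
    """Highest number of requests seen in any sliding 60-second span."""
    peak = lo = 0
    for hi, t in enumerate(timestamps):
        while t - timestamps[lo] >= WINDOW:
            lo += 1
        peak = max(peak, hi - lo + 1)
    return peak


# Constructed sample: a mailing-list run causing 5 ident lookups per second
# for 2 minutes, then one lookup every 30 seconds for 15 minutes.
burst = [i // 5 for i in range(600)]
trickle = [120 + 30 * i for i in range(30)]
SAMPLE = burst + trickle

if __name__ == "__main__":
    print("peak requests per minute:", peak_per_minute(SAMPLE))
    for limit in (256, 1024):    # 256 is an assumed lower limit for comparison
        print("-R", limit, "->", simulate(SAMPLE, limit))
```

Feeding it timestamps taken from the tcpdump capture of port 113 shows how close real traffic comes to a candidate -R value. A limit set just above the legitimate peak keeps the protection the man page describes.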

What didn’t work

This bit didn’t work.  Don’t do this.

Then I hup’d inetd:

killall -hup inetd

But after about ten minutes, the problem returned.

This did work

I killed inetd:

killall -term inetd

Then I started inetd using the same flags from /etc/rc.conf:

/usr/sbin/inetd -wW -R 1024

The problem did not recur.  Yea team!
