LinuxQuestions.org
Old 08-09-2006, 08:59 PM   #1
rigelan
Member
 
Registered: Jul 2005
Location: Iowa
Distribution: Slackware
Posts: 180

Rep: Reputation: 19
nmap makes syslog run amok


I really have no information about this problem. It also only happened once, and I am hesitant to try it again.

I have my Slack machine on a local network with a Windows XP machine.

Using nmap 4.10, I attempted to probe the Windows machine on the Windows machine. Then suddenly an inetd daemon appeared on my process list, and it wrapped the process IDs rather quickly. It would have 5300, then in a second perhaps 6700, then on and on until it wrapped at around 64000.

Meanwhile my syslog was growing at a huge rate. It grew at about 1 megabyte per second. To stop it I went down to init 1. But I also deleted it because I didn't want it causing too many problems.

What is the usual cause behind a growing syslog like that?

Does it seem like an nmap problem or something different?
 
Old 08-10-2006, 02:22 PM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141

Rep: Reputation: 168
I'm just guessing since I haven't seen your syslog files, but if your firewall rules do a lot of blocking and a lot of logging, then that could be it. The setup on one of my boxes is default DROP for INPUT, FORWARD and OUTPUT - I see a lot of entries in the log if I run tools like nmap on it, but not as much as 1MB/sec.

Can you try it again and post some of the log here?
 
Old 08-11-2006, 09:00 AM   #3
rigelan
Member
 
Registered: Jul 2005
Location: Iowa
Distribution: Slackware
Posts: 180

Original Poster
Rep: Reputation: 19
I'll have some free time tonight, and see if I can get the nmap to ramp itself up again. This is actually the second time it happened, but not with the nmap program; I was experimenting with AVG antivirus software for Linux, and it did it (brought up a second inetd daemon). So I'll see if I can rouse up some log files, and make this request a bit more specific.
 
Old 08-19-2006, 01:25 AM   #4
rigelan
Member
 
Registered: Jul 2005
Location: Iowa
Distribution: Slackware
Posts: 180

Original Poster
Rep: Reputation: 19
I found the error. I guess there were copies in my syslog that I didn't delete. It caused my syslog to write this error about a million times (maybe less).

Code:
localhost inetd[4577]: /usr/sbin/in.identd: exit status 0x1
localhost inetd[6455]: execv /usr/sbin/in.identd: No such file or directory

It repeated these two lines for ports 6455 - 32767, incrementing by one each.

I believe the 4577 was my out-port and the others were the in-port on the other computer I was testing.

It basically added 4 megabytes to my syslog in a few seconds because it cannot find a file?

Last edited by rigelan; 08-19-2006 at 01:26 AM.
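
One way to triage a flood like the one in post #4, as an added example that is not part of the original thread: it counts the two inetd message shapes per server program, then looks up which enabled inetd.conf entry points at that program. The function names, the timestamps, the sshd line and the inetd.conf excerpt are constructed for illustration.

```python
import re
from collections import defaultdict

# The two inetd message shapes quoted in the post above.
EXEC_FAIL = re.compile(r"inetd\[(\d+)\]: execv (\S+): No such file or directory")
EXIT_FAIL = re.compile(r"inetd\[(\d+)\]: (\S+): exit status (0x[0-9a-fA-F]+)")

# Constructed sample data: timestamps, the sshd line and the conf excerpt are made up.
SAMPLE_LOG = [
    "Aug 19 01:10:02 localhost inetd[4577]: /usr/sbin/in.identd: exit status 0x1",
    "Aug 19 01:10:02 localhost inetd[6455]: execv /usr/sbin/in.identd: No such file or directory",
    "Aug 19 01:10:02 localhost inetd[4577]: /usr/sbin/in.identd: exit status 0x1",
    "Aug 19 01:10:02 localhost inetd[6456]: execv /usr/sbin/in.identd: No such file or directory",
    "Aug 19 01:10:03 localhost sshd[901]: Server listening on 0.0.0.0 port 22.",
]
SAMPLE_CONF = """\
#ftp  stream tcp nowait root /usr/sbin/tcpd in.ftpd
auth  stream tcp wait   root /usr/sbin/in.identd in.identd
"""

def summarize_inetd_failures(log_lines):
    """Group inetd exec failures and non-zero exits by server program path."""
    stats = defaultdict(lambda: {"exec_missing": 0, "bad_exit": 0, "pids": set()})
    for line in log_lines:
        missing, exited = EXEC_FAIL.search(line), EXIT_FAIL.search(line)
        if missing:
            kind, m = "exec_missing", missing
        elif exited and int(exited.group(3), 16) != 0:
            kind, m = "bad_exit", exited
        else:
            continue  # unrelated line or a clean exit
        stats[m.group(2)][kind] += 1
        stats[m.group(2)]["pids"].add(int(m.group(1)))
    return dict(stats)

def services_for_program(conf_text, program):
    """Names of enabled (uncommented) inetd.conf services that run `program`."""
    names = []
    for raw in conf_text.splitlines():
        fields = raw.split()
        # Fields: service, socket type, protocol, wait flag, user, server program, args
        if len(fields) >= 6 and not fields[0].startswith("#") and fields[5] == program:
            names.append(fields[0])
    return names
```

A program that shows up with a non-zero `exec_missing` count and is still named by an enabled inetd.conf entry is the one to either install or comment out.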
 
Old 08-19-2006, 01:34 AM   #5
rigelan
Member
 
Registered: Jul 2005
Location: Iowa
Distribution: Slackware
Posts: 180

Original Poster
Rep: Reputation: 19
I found out that file is in the pidentd package from Slackware. So I'll install it and see if I can get the nmap to ramp up the syslog again.
 
  

