DSL logs

Eric Eisenhart eric at eisenhart.com
Wed Jan 26 11:32:29 PST 2000

On Wed, Jan 26, 2000 at 10:15:00AM -0800, E Frank Ball wrote:
> I've had DSL for 2 days now.  I've been keeping an eye on the logs, and
> I'm wondering about some things:
> Jan 25 23:55:39 zouave tcplogd: port 113 connection attempt from sofuku.monster.org
> Jan 26 00:01:07 zouave icmplogd: destination unreachable from localhost
> Jan 26 00:20:55 zouave -- MARK --
> Jan 26 00:30:54 zouave tcplogd: port 113 connection attempt from mail.sonic.net
> Jan 26 00:31:08 zouave tcplogd: port 113 connection attempt from mail.sonic.net
> Jan 26 00:50:43 zouave tcplogd: port 113 connection attempt from mail.sonic.net
> From /etc/services:
> auth            113/tcp         authentication tap ident
> Can somebody explain what's happening here?  mail.sonic.net makes this
> attempt everytime I send mail or fetchmail, but the mail is working
> fine, and I think it is safe to assume that sofuku.monster.org isn't a
> friendly.

The "auth" or "ident" protocol is intended to allow a site that you connect
to to determine what user is making the connection.  This is useful for
things like email because it records the user actually responsible for
sending the email (if it's done via a straight telnet instead of sendmail
running) if somebody is attempting to forge email.

In other words, when it's mail.sonic.net, it's normal.

As for monster.org -- I dunno.

> Also, is there a secure way to use fetchmail?

Yes.  It's possible to pipe the actual fetchmail connection through SSH via
port forwarding -- the fetchmail manual details how to do this, IIRC.  You
don't want to do this via bolt.sonic.net, though -- that'd only *increase*
your chances of you traffic getting sniffed.  (it would be more likely that
bolt would get compromised than, say, a terminal server, router or switch
getting compromised) I've also set it up before to call ssh as a program to
perform the connection, using instead a program that connected to the remote
end and ran the POP server stuff directly...  (so that the only
authentication involved was the RSA key stored in my SSH agent)  But I only
know how to do that if it's qmail running at the remote end.
    Eric Eisenhart   Freedom is slavery.      http://eric.eisenhart.com/
 ^  ICQ#: 48217244   Ignorance is strength.   eric-dot-sig at eisenhart.com
/e\ Perl&SQL Coder   War is peace.            IRC Nicks: Falsch Freiheit
---                        -- George Orwell

More information about the talk mailing list