[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: 20020305: suominet

Subject: Re: 20020305: suominet
Date: Wed, 6 Mar 2002 14:54:08 -0700 (MST)
Hi Anne, 

Would you be so kind as to comment out:

#exec   "pqbinstats"


from your ldmd.conf file and watch to see if the errors vanish from your
logs?

The :35 minute really has me thinking it has to do with statistics
reporting. My guess is sendmail protocol which I am investigating further.

Keep in mind, any changes in your ldmd.conf file will not take place until
you stop your ldm and restart.

So..

Make change (comment out pqbinstats)

ldmadmin stop

now make sure ALL LDM rpc and processes have stopped

ps -ef | grep ldm

and/or

ps -ef | grep rpc

when none are appearing as active  no rpc or ldm owned processes
(generally less than one minute)

ldmadmin start

That should do it, and I suspect you will see the errors go away.

However, we may want the stats, so we may need to make future changes,
this is kindof a debugging process.


Thank you,

-Jeff
____________________________                  _____________________
Jeff Weber                                    address@hidden
Unidata Support                               PH:303-497-8676 
NWS-COMET Case Study Library                  FX:303-497-8690
University Corp for Atmospheric Research      3300 Mitchell Ln
http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000
________________________________________      ______________________

On Wed, 6 Mar 2002, Anne Gorczyca wrote:

> Jeff:
> 
> The error log on our firewall is showing entries like this after I blocked 
> port 113
> yesterday afternoon:
> 
> 03/05/2002 23:35:01.736 -     TCP connection dropped -        
> Source:128.117.140.62, 39136, WAN -   Destination:192.52.65.171, 113, LAN -   
> 'Authentication' -    Rule 67
> 
> 
> Earlier, when I had that port open and was logging everything to syslog, 
> here's an
> example of what was recorded:
> 
> Dec 30 02:35:01 hercules id=firewall time="2001-12-30 02:35:01" 
> fw=192.52.65.7 pri=6 
> proto=tcp/113 src=128.117.140.62 dst=192.52.65.171 rcvd=260 sn=0040100EADB5 
> c=1024 m=98 
> n=21126
> 
> 
> I can pin point the exact time and date that these packets started arriving.
> It was 2:35 pm on 12/19/01.  I opened port 113 on 12/20/01 and notified Frank.
> 
> Good luck finding the cause.
> 
> Thank you.
> Anne
> 
> 
> 
> >>> Date: Wed, 6 Mar 2002 12:47:24 -0700 (MST)
> >>> From: Jeff Weber <address@hidden>
> >>> To: address@hidden, address@hidden, Teresa Van Hove 
> <address@hidden>
> >>> cc: address@hidden
> >>> Subject: Re: 20020305: suominet
> >>> 
> >>> Hello Anne and Frank, 
> >>> 
> >>> We do not have an LDM running on laraine...
> >>> 
> >>> I suspect either dostats or pqbinstats..
> >>> 
> >>> Could you please send me a relevant portion of your log so we can
> >>> determine why these messages are populating your log.
> >>> 
> >>> Portmapper 111 and LDM 388 is all we need, but I am quite curious as to
> >>> what is happening on 113..
> >>> 
> >>> 
> >>> Thank you,
> >>> 
> >>> -Jeff
> >>> ____________________________                  _____________________
> >>> Jeff Weber                                    address@hidden
> >>> Unidata Support                               PH:303-497-8676 
> >>> NWS-COMET Case Study Library                  FX:303-497-8690
> >>> University Corp for Atmospheric Research      3300 Mitchell Ln
> >>> http://www.unidata.ucar.edu/staff/jweber      Boulder,Co 80307-3000
> >>> ________________________________________      ______________________
> >>> 
> >>> On Wed, 6 Mar 2002, Unidata Support wrote:
> >>> 
> >>> > 
> >>> > ------- Forwarded Message
> >>> > 
> >>> > >To: "address@hidden" <address@hidden>,
> >>> > >To: "Frank D. Lind" <address@hidden>,
> >>> > >To: shad <address@hidden>
> >>> > >From: Teresa Van Hove <address@hidden>
> >>> > >Subject: [Fwd: Re: suominet]
> >>> > >Organization: GST
> >>> > >Keywords: 200203061626.g26GQhK16901
> >>> > 
> >>> > Unidata support, 
> >>> > 
> >>> > Can you turn off the request to MIT suominet site from laraine?  
> >>> > They are getting an authentication request.  We dont need that
> >>> > port for our routine ldm collection of their data. 
> >>> > 
> >>> > Thanks,
> >>> > 
> >>> > Teresa
> >>> > 
> >>> > -------- Original Message --------
> >>> > Subject: Re: suominet
> >>> > Date: Wed, 06 Mar 2002 10:19:03 -0500
> >>> > From: "Frank D. Lind" <address@hidden>
> >>> > To: Teresa Van Hove <address@hidden>
> >>> > CC: shad oneel <address@hidden>, Anne Gorczyca
> >>> > <address@hidden>
> >>> > References: <address@hidden>
> >>> > <address@hidden> <3
> >>> > 
> >>> > Hi Teresa,
> >>> > 
> >>> > We have configured our firewall as follows now :
> >>> > 
> >>> > 128.117.39.0/24 subnet : allow 21 (ssh), 111 (rpc), 388 (ldm)
> >>> > 128.117.29.0/24 subnet : allow 21 (ssh), 111 (rpc), 388 (ldm)
> >>> > 
> >>> > You should be able to access the suominet machine 192.52.65.171 from
> >>> > any host on the two subnets now. We have noticed that our firewall is
> >>> > now
> >>> > blocking hourly requests from host 128.117.140.62 
> >>> > (laraine.unidata.ucar.edu)
> >>> > on port 113/tcp. Is port 113 (authentication service) from this host 
> >>> > required
> >>> > or can you guys turn the requests off at the source so they don't fill 
> >>> > up our log files?
> >>> > 
> >>> > Thanks,
> >>> > 
> >>> > Frank Lind
> >>> > 
> >>> > 
> >>> > -- 
> >>> > Frank D. Lind                   email: address@hidden   
> >>> > MIT Haystack Observatory        WWW: http://www.haystack.mit.edu
> >>> > Route 40                                tel: 781 981 5570
> >>> > Westford, MA  01886  USA        fax: 781 981 5766
> >>> > 
> >>> > 
> >>> > ------- End of Forwarded Message
> >>> > 
> >>> > 
> >>> 
> >>> 
> 
>
Prev by Date: Re: 20020305: suominet
Next by Date: 20020407: 20020305: suominet
Previous by thread: Re: 20020305: suominet
Next by thread: 20020407: 20020305: suominet
Index(es):
- Date
- Thread