Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

rsh bad connection messages

409 views
Skip to first unread message

Sue Preece

unread,
Jul 23, 2003, 6:35:09 AM7/23/03
to
Hi

We have four different unix machines, some running Solaris 2.6, the others
are Solaris 8.

On all of these machines we are getting rsh: bad connection messages in the
/var/adm/messages log. They occur continually every few minutes.
Examples are given below.

Can anyone shed any light on this, any suggestions welcome.

This is the log from the Solaris 2.6 machine

Jul 23 11:09:15 phys-bathstreet bsd-gw[13645]: Error reading from
connection: Ba
d file number
Jul 23 11:17:20 phys-bathstreet bsd-gw[15753]: Error reading from
connection: Ba
d file number
Jul 23 11:17:24 phys-bathstreet rsh[15755]: connection from bad port
Jul 23 11:19:13 phys-bathstreet rsh[16196]: connection from bad port
Jul 23 11:19:15 phys-bathstreet bsd-gw[16198]: Error reading from
connection: Ba
d file number

This is the log from the Solaris 8 machine

Jul 23 10:31:28 efinancial-app rsh[27786]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 10:41:28 efinancial-app rsh[27799]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 10:51:28 efinancial-app rsh[27812]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 11:01:28 efinancial-app rsh[27825]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 11:11:28 efinancial-app rsh[27838]: [ID 769467 daemon.notice]
connection
from bad port

Thanks
Steve


Scott Howard

unread,
Jul 23, 2003, 7:39:26 AM7/23/03
to
Sue Preece <spr...@herefordshire.gov.uk> wrote:
> On all of these machines we are getting rsh: bad connection messages in the
> /var/adm/messages log. They occur continually every few minutes.
> Examples are given below.
>
> Can anyone shed any light on this, any suggestions welcome.
>
> This is the log from the Solaris 2.6 machine
>
> Jul 23 11:17:24 phys-bathstreet rsh[15755]: connection from bad port
> Jul 23 11:19:13 phys-bathstreet rsh[16196]: connection from bad port

Connections to rshd need to originate from a "privledged" TCP port - ie,
one below 1024. Most applications will use a port above 1024 to connect,
and if rsh receives a connection from such a port it will log the error
you've got above.

eg, "telnet localhost shell" will generate exactly the message you're
getting.

So now you just need to work out who's connecting to your "shell" port -
snoop should be able to help you out there.

Scott

0 new messages