We have four different unix machines, some running Solaris 2.6, the others
are Solaris 8.
On all of these machines we are getting rsh: bad connection messages in the
/var/adm/messages log. They occur continually every few minutes.
Examples are given below.
Can anyone shed any light on this, any suggestions welcome.
This is the log from the Solaris 2.6 machine
Jul 23 11:09:15 phys-bathstreet bsd-gw[13645]: Error reading from
connection: Ba
d file number
Jul 23 11:17:20 phys-bathstreet bsd-gw[15753]: Error reading from
connection: Ba
d file number
Jul 23 11:17:24 phys-bathstreet rsh[15755]: connection from bad port
Jul 23 11:19:13 phys-bathstreet rsh[16196]: connection from bad port
Jul 23 11:19:15 phys-bathstreet bsd-gw[16198]: Error reading from
connection: Ba
d file number
This is the log from the Solaris 8 machine
Jul 23 10:31:28 efinancial-app rsh[27786]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 10:41:28 efinancial-app rsh[27799]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 10:51:28 efinancial-app rsh[27812]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 11:01:28 efinancial-app rsh[27825]: [ID 769467 daemon.notice]
connection
from bad port
Jul 23 11:11:28 efinancial-app rsh[27838]: [ID 769467 daemon.notice]
connection
from bad port
Thanks
Steve
Connections to rshd need to originate from a "privledged" TCP port - ie,
one below 1024. Most applications will use a port above 1024 to connect,
and if rsh receives a connection from such a port it will log the error
you've got above.
eg, "telnet localhost shell" will generate exactly the message you're
getting.
So now you just need to work out who's connecting to your "shell" port -
snoop should be able to help you out there.
Scott