We help IT Professionals succeed at work.

Received disconnect from 201.###.###.34 port 58985:11: Normal Shutdown, Thank you for playing [preauth]

Ridgejp
Ridgejp asked
on
3,077 Views
Last Modified: 2017-04-03
Hi All,

Getting the above following message in my auth.log on my server from the above ip and many others ... what does this mean?

J
Comment
Watch Question

CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
lsof -i:11
Check what ports you have open
netstat -an | grep -i listen
Is your system directly exposed to the net, make sure to limit what ports are accessible.

Do you allow users to connect to your system, this port is being used to update each user's status.

https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

Author

Commented:
This is a screenshot of the results of your terminal command...

tcp        0      0 ###.#.#.#:3306          0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN    
tcp6       0      0 :::80                   :::*                    LISTEN    
tcp6       0      0 :::22                   :::*                    LISTEN    
tcp6       0      0 :::443                  :::*                    LISTEN    
unix  2      [ ACC ]     STREAM     LISTENING     7975     /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     17044    /run/user/1000/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     7977     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     7976     /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     7982     /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     12100    /run/snapd.socket
unix  2      [ ACC ]     STREAM     LISTENING     12108    /var/lib/lxd/unix.socket
unix  2      [ ACC ]     STREAM     LISTENING     12102    /run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     12101    /run/snapd-snap.socket
unix  2      [ ACC ]     STREAM     LISTENING     12107    /run/uuidd/request
unix  2      [ ACC ]     STREAM     LISTENING     12109    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     12971    @ISCSIADM_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     16685    /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     7970     /run/systemd/private
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
If your system is directly connected to the Internet, make sure you have sfw setup to limit/restrict... To shield your system...

Check you xinetd configuration......

Author

Commented:
Pleas expand on your comments...
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
201.###.###.34
Is that what you see in auth.log, or did you mask part of the address with "#" characters? If you masked the address, is it your IP address?

I ask because it's odd to mask some unknown address if you don't know what it is. And if it's your address, it might significantly change the context of the question.

Author

Commented:
Apologies I'd reacted by masking it not realising it had nothing to do with me ... just re-run the command and the following is the latest: -

tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:587           0.0.0.0:*               LISTEN    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN    
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN    
tcp6       0      0 :::80                   :::*                    LISTEN    
tcp6       0      0 :::22                   :::*                    LISTEN    
tcp6       0      0 :::443                  :::*                    LISTEN    
unix  2      [ ACC ]     STREAM     LISTENING     8039     /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     22091    /run/user/1000/systemd/private
unix  2      [ ACC ]     SEQPACKET  LISTENING     8044     /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     8056     /run/lvm/lvmetad.socket
unix  2      [ ACC ]     STREAM     LISTENING     8057     /run/lvm/lvmpolld.socket
unix  2      [ ACC ]     STREAM     LISTENING     8058     /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     12728    /run/uuidd/request
unix  2      [ ACC ]     STREAM     LISTENING     12727    /var/lib/lxd/unix.socket
unix  2      [ ACC ]     STREAM     LISTENING     12729    /run/snapd.socket
unix  2      [ ACC ]     STREAM     LISTENING     12730    /run/snapd-snap.socket
unix  2      [ ACC ]     STREAM     LISTENING     12731    /run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     12732    /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     15981    /var/run/sendmail/mta/smcontrol
unix  2      [ ACC ]     STREAM     LISTENING     13553    @ISCSIADM_ABSTRACT_NAMESPACE
unix  2      [ ACC ]     STREAM     LISTENING     16779    /var/run/mysqld/mysqld.sock
unix  2      [ ACC ]     STREAM     LISTENING     22307    /var/run/fail2ban/fail2ban.sock

Author

Commented:
I've subsequently installed Fail2Ban having done a little further research on subject and set up sendmail to report the ip addresses that result in a banned status. Is there anything more that I should be doing?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
the 11 might be an internal notifier from your own applications.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions