Received disconnect from 201.###.###.34 port 58985:11: Normal Shutdown, Thank you for playing [preauth]
Hi All,
Getting the above following message in my auth.log on my server from the above ip and many others ... what does this mean?
J
Getting the above following message in my auth.log on my server from the above ip and many others ... what does this mean?
J
lsof -i:11
Check what ports you have open
netstat -an | grep -i listen
Is your system directly exposed to the net, make sure to limit what ports are accessible.
Do you allow users to connect to your system, this port is being used to update each user's status.
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
Check what ports you have open
netstat -an | grep -i listen
Is your system directly exposed to the net, make sure to limit what ports are accessible.
Do you allow users to connect to your system, this port is being used to update each user's status.
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
This is a screenshot of the results of your terminal command...
tcp 0 0 ###.#.#.#:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 7975 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 17044 /run/user/1000/systemd/pri
unix 2 [ ACC ] SEQPACKET LISTENING 7977 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 7976 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 7982 /run/systemd/journal/stdou
unix 2 [ ACC ] STREAM LISTENING 12100 /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 12108 /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 12102 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 12101 /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 12107 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 12109 /var/run/dbus/system_bus_s
unix 2 [ ACC ] STREAM LISTENING 12971 @ISCSIADM_ABSTRACT_NAMESPA
unix 2 [ ACC ] STREAM LISTENING 16685 /var/run/mysqld/mysqld.soc
unix 2 [ ACC ] STREAM LISTENING 7970 /run/systemd/private
tcp 0 0 ###.#.#.#:3306 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 7975 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 17044 /run/user/1000/systemd/pri
unix 2 [ ACC ] SEQPACKET LISTENING 7977 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 7976 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 7982 /run/systemd/journal/stdou
unix 2 [ ACC ] STREAM LISTENING 12100 /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 12108 /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 12102 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 12101 /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 12107 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 12109 /var/run/dbus/system_bus_s
unix 2 [ ACC ] STREAM LISTENING 12971 @ISCSIADM_ABSTRACT_NAMESPA
unix 2 [ ACC ] STREAM LISTENING 16685 /var/run/mysqld/mysqld.soc
unix 2 [ ACC ] STREAM LISTENING 7970 /run/systemd/private
If your system is directly connected to the Internet, make sure you have sfw setup to limit/restrict... To shield your system...
Check you xinetd configuration......
Check you xinetd configuration......
201.###.###.34
Is that what you see in auth.log, or did you mask part of the address with "#" characters? If you masked the address, is it your IP address?
I ask because it's odd to mask some unknown address if you don't know what it is. And if it's your address, it might significantly change the context of the question.
Is that what you see in auth.log, or did you mask part of the address with "#" characters? If you masked the address, is it your IP address?
I ask because it's odd to mask some unknown address if you don't know what it is. And if it's your address, it might significantly change the context of the question.
Apologies I'd reacted by masking it not realising it had nothing to do with me ... just re-run the command and the following is the latest: -
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 8039 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 22091 /run/user/1000/systemd/pri
unix 2 [ ACC ] SEQPACKET LISTENING 8044 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 8056 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 8057 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 8058 /run/systemd/journal/stdou
unix 2 [ ACC ] STREAM LISTENING 12728 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 12727 /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 12729 /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 12730 /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 12731 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 12732 /var/run/dbus/system_bus_s
unix 2 [ ACC ] STREAM LISTENING 15981 /var/run/sendmail/mta/smco
unix 2 [ ACC ] STREAM LISTENING 13553 @ISCSIADM_ABSTRACT_NAMESPA
unix 2 [ ACC ] STREAM LISTENING 16779 /var/run/mysqld/mysqld.soc
unix 2 [ ACC ] STREAM LISTENING 22307 /var/run/fail2ban/fail2ban
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:587 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp6 0 0 :::80 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 :::443 :::* LISTEN
unix 2 [ ACC ] STREAM LISTENING 8039 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 22091 /run/user/1000/systemd/pri
unix 2 [ ACC ] SEQPACKET LISTENING 8044 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 8056 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 8057 /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 8058 /run/systemd/journal/stdou
unix 2 [ ACC ] STREAM LISTENING 12728 /run/uuidd/request
unix 2 [ ACC ] STREAM LISTENING 12727 /var/lib/lxd/unix.socket
unix 2 [ ACC ] STREAM LISTENING 12729 /run/snapd.socket
unix 2 [ ACC ] STREAM LISTENING 12730 /run/snapd-snap.socket
unix 2 [ ACC ] STREAM LISTENING 12731 /run/acpid.socket
unix 2 [ ACC ] STREAM LISTENING 12732 /var/run/dbus/system_bus_s
unix 2 [ ACC ] STREAM LISTENING 15981 /var/run/sendmail/mta/smco
unix 2 [ ACC ] STREAM LISTENING 13553 @ISCSIADM_ABSTRACT_NAMESPA
unix 2 [ ACC ] STREAM LISTENING 16779 /var/run/mysqld/mysqld.soc
unix 2 [ ACC ] STREAM LISTENING 22307 /var/run/fail2ban/fail2ban
I've subsequently installed Fail2Ban having done a little further research on subject and set up sendmail to report the ip addresses that result in a banned status. Is there anything more that I should be doing?
Gain unlimited access to on-demand training courses with an Experts Exchange subscription.
Get AccessWhy Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions