Hi folks.
During the last weeks I received some alerts about
ssh connections from UNKNOWN. E.g.:
Jul 17 08:54:25 piglet sshd[7762]: Did not receive
identification
string from UNKNOWN
Jul 26 05:27:54 piglet sshd[31895]: Did not receive
identification
string from UNKNOWN
After a fast look at the code it seems that getpeername()
fails.
According to the man page there are several reasons:
[... snipp ...]
ERRORS
On failure, errno is set to one of the following:
[EBADF] The argument s is not a valid descriptor.
[ENOTSOCK] The argument s is a file, not a socket.
[ENOTCONN] The socket is not connected.
[ENOBUFS] Insufficient resources were available in
the system to per-
form the operation.
[EFAULT] The name or namelen parameter points to
memory not in a
valid part of the process address space.
[... snipp ...]
So some thougts about the reasons that may be a failure:
ENOBUFS - Not possible. Although I use 68% of the allocated
mbufs I was able
to establish new connections from the outside.
ENOTCONN and EBADF - As far as I know it is not possible,
because the connection
log occurs after completing the TCP hand shake.
EFAULT- Impossible since I am using OpenBSD 
ENOTSOCK- Connecting to OpenSSH not using a socket? WTF?
Is there anyone out there who can help me with this -strange
(at
least for me)- message.
Many thanks in advance,
Andreas.
P.S.: The system is:
OpenBSD piglet.badphish.dyndns.org 3.9 GENERIC#617 i386
running sshd version:
OpenSSH_4.3, OpenSSL 0.9.7g 11 Apr 2005
--
Hobbes : Shouldn't we read the instructions?
Calvin : Do I look like a sissy?
|