Re: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 03/20/04

• Next message: Mark T. Kennedy: "Re: ssh-agent stacks up in Linux"
• Previous message: Darren Tucker: "Re: Password Auth - "illegal user""
• In reply to: Rebecca: "[ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer"
• Next in thread: Rebecca: "Re: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer"
• Reply: Rebecca: "Re: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sat, 20 Mar 2004 00:17:48 +0000 (UTC)

In article <7c81eee2.0403191119.1bc8f271@posting.google.com>,
Rebecca <rebecca@unterlaw.com> wrote:
>I'm running the ssh that came bundled with Sol9 on a sun blade 100

With all the patches, I hope?

>with a QFE card as my firewall. I jumpstarted the box and installed
>the fw in my test lab and all seemed well. Logs were clean.
>
>I put the firewall into production on Monday night, since then,
>/var/adm/messages is full of this
>[ID 800047 auth.crit] fatal: Read from socket failed: Connection reset
>by peer
>
>Over and over and over again. None of my other Sol9 boxes are behaving
>this way, so I can't believe it's the solaris ssh that's having a fit.
>My previous firewall was the exact same os/fw configuration, only it
>was running on an ultra 1 with an sbus qfe and I had no problems.

It is probably the result of someone portscanning with software like
nmap. Do you rules allow connections to sshd from the outside world?

You can use "snoop" to try to figure out where the packets are coming
from.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

---

• Next message: Mark T. Kennedy: "Re: ssh-agent stacks up in Linux"
• Previous message: Darren Tucker: "Re: Password Auth - "illegal user""
• In reply to: Rebecca: "[ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer"
• Next in thread: Rebecca: "Re: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer"
• Reply: Rebecca: "Re: [ID 800047 auth.crit] fatal: Read from socket failed: Connection reset by peer"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Starting up problem ... It contains advice ... It may help speed up your system, but it should be clean ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ... (microsoft.public.windowsxp.help_and_support) Re: question about the new service pack 2 ... It contains advice ... It may help speed up your system, but it should be clean ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ... (microsoft.public.windowsxp.newusers) Re: Hey ... Secure it, clean it, and that way you know you have done what you could... ... It contains advice ... using Windows XP "prettifications". ... You should at least turn on the built in firewall. ... (microsoft.public.windowsxp.security_admin) Re: xp sp2 ... Can I uninstall or fix this? ... > Windows XP, I suggest you clean up your system first. ... You should at least turn on the built in firewall. ... (microsoft.public.windowsxp.perform_maintain) Re: Strange WAN Activity ... > firewall logs for a possible TCP FIN scan that keeps ... > company's intranet server IP and its port 80 across our ... > My firewall is a Sonicwall Pro 200 and I'm running W2K ... It's difficult to be sure without inspecting the web server for signs of ... (microsoft.public.win2000.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2004-03