Ken Hardy wrote:
> I wrote:
> >Every couple of days we get an attempted connection to port 7777 from
> >scripps.edu, so I put a byte sucker on that port to log any received
> >data. It seems to be a 4 digit and a 2 digit number separated by a
> >comma, followed by a carriage return.
> Further investigation made it apparent that the connection to my port
> 7777 was occuring whenever a connection was made to the remote system's
> SMTP port. The data I captured, two comma-separated decimal numbers
> followed by a <CR><LF>, is identical to an IDENT query. The second number
> was always 25. The lightbulb lights!
> I relayed this information to the site's admin. He reports that they
> had recently installed a new version of sendmail which does IDENT
> queries, but why to port 7777? The admin's latest message to me:
> >You were on the right track with your comment about services..
> >We are a heavy user of NIS and ident is not a standard Solaris
> >/etc/services daemon. I found that the NIS file contained
> >an ident entry with an alias of auth.. There was an auth entry
> >in the NIS file at port 7777.. I converted it to only use
> >a local copy of the services file.. Hopefully, this will cause
> >the probing you were seeing to go away.. If it doesn't please
> >let me know.. THANKS for the heads-up on the problem!
> I don't see this on any of my Solaris systems (not using NIS). I'd
> guess that someone had put an "auth" entry in at 7777 to refer to TIS'
> authsrv, which uses that port.
It looks like TIS default authserver database set-up.....
Donald R. Guillot