Joined: 04 Feb 2007 Posts: 426 Location: Fountain of Youth
Posted: Mon Nov 07, 2011 7:54 Post subject: Optware log: xinetd started too often
As you can see that this message is quickly filling up my log file, because xinetd is started more than once per second from my laptop (192.168.8.116).
I am wondering what is causing this and what corrective action can be taken. Please weigh-in if you have seen this symptom and understand its root cause. Thank you.
Quote:
Nov 6 20:33:21 athomehost authpriv.info xinetd[3546]: START: www pid=15130 from=192.168.8.116
Nov 6 20:33:22 athomehost authpriv.info xinetd[3546]: START: www pid=15131 from=192.168.8.116
Nov 6 20:33:22 athomehost authpriv.info xinetd[3546]: START: www pid=15132 from=192.168.8.116
Nov 6 20:33:22 athomehost authpriv.info xinetd[3546]: START: www pid=15133 from=192.168.8.116
Nov 6 20:33:23 athomehost authpriv.info xinetd[3546]: START: www pid=15134 from=192.168.8.116
Nov 6 20:33:23 athomehost authpriv.info xinetd[3546]: START: www pid=15135 from=192.168.8.116
Nov 6 20:33:23 athomehost authpriv.info xinetd[3546]: START: www pid=15136 from=192.168.8.116
Nov 6 20:33:24 athomehost authpriv.info xinetd[3546]: START: www pid=15137 from=192.168.8.116
Nov 6 20:33:24 athomehost authpriv.info xinetd[3546]: START: www pid=15140 from=192.168.8.116
Nov 6 20:33:24 athomehost authpriv.info xinetd[3546]: START: www pid=15141 from=192.168.8.116
Nov 6 20:33:24 athomehost authpriv.info xinetd[3546]: START: www pid=15142 from=192.168.8.116
Nov 6 20:33:25 athomehost authpriv.info xinetd[3546]: START: www pid=15143 from=192.168.8.116
Nov 6 20:33:25 athomehost authpriv.info xinetd[3546]: START: www pid=15144 from=192.168.8.116
Nov 6 20:33:25 athomehost authpriv.info xinetd[3546]: START: www pid=15145 from=192.168.8.116
Nov 6 20:33:26 athomehost authpriv.info xinetd[3546]: START: www pid=15146 from=192.168.8.116
Nov 6 20:33:26 athomehost authpriv.info xinetd[3546]: START: www pid=15147 from=192.168.8.116
Nov 6 20:33:26 athomehost authpriv.info xinetd[3546]: START: www pid=15148 from=192.168.8.116
Nov 6 20:33:27 athomehost authpriv.info xinetd[3546]: START: www pid=15149 from=192.168.8.116
root@athomehost:/opt/var/log# ls -l | grep messages
-rw-rw-rw- 1 root root 1853003 Nov 7 03:42 messages
-rw-rw-rw- 1 root root 2048082 Nov 5 20:05 messages.0
-rw-rw-rw- 1 root root 2048073 Nov 1 16:05 messages.1
-rw-rw-rw- 1 root root 453570 Oct 24 18:30 messages.10
-rw-rw-rw- 1 root root 2048019 Nov 1 14:06 messages.2
-rw-rw-rw- 1 root root 2048034 Nov 1 05:15 messages.3
-rw-rw-rw- 1 root root 2048024 Nov 1 01:02 messages.4
-rw-rw-rw- 1 root root 2048041 Oct 31 16:05 messages.5
-rw-rw-rw- 1 root root 2048027 Oct 27 20:15 messages.6
-rw-rw-rw- 1 root root 2048034 Oct 27 17:41 messages.7
-rw-rw-rw- 1 root root 2048066 Oct 24 07:45 messages.8
-rw-r--r-- 1 root root 6063287 Oct 21 21:15 messages.9 _________________ My Routers | RT-N16 Wiki | TMO Cellspot Wiki Peacock Flashing | Wireless N Conf | Linking Routers |
DD-WRT Wiki | DD-WRT Builds | Broadcom FAQ| QoS| OTRW
Last edited by gatorback on Mon Nov 07, 2011 19:32; edited 1 time in total
Guys... these messages get generated when you are on any of the router's web pages. One entry gets generated every time the router page you are on refreshes.
If you close the browser session to the router, these messages stop.
Joined: 06 Aug 2013 Posts: 2 Location: Somewhere in Washington
Posted: Thu Aug 29, 2013 18:03 Post subject:
Sorry to dig up an ancient thread, but hopefully this might help someone else.
I am running kong mega 220000 on a linksys e4200. I have optware2 installed and am running
xinetd
pixelserv
fixtables
stophammer
asiablock
sshhack
stophack
mypage
I noticed I was getting this same xinetd spam about starting www in wallwatcher.
I also noticed even though pixelserv moves httpd to port 88, I was still listening on port 80.
using netstat -l -v --numeric-ports -p I discovered xinetd was the culprit. I don't know if this is by design, or what, I am still researching.
Anyway, if I connected to the admin page using port 88 I don't get the xinetd messages.
However if I connect to the admin page using port 80, not only do I still get the admin page, xinetd is going nuts. (It appears it's spawning a www process that immediately dies, so in order to fulfill all the http requests it keeps starting them)
Anyhow, I am still investigating why xinetd is doing this(for all I know it's by design) I may look at just blocking port 80.
Allows a tcp service to be redirected to another host. When xinetd receives a tcp connection on this port it spawns a process that establishes a connection to the host and port number specified, and forwards all data between the two hosts. This option is useful when your internal machines are not visible to the outside world. Syntax is: redirect = (ip address) (port). You can also use a hostname instead of the IP address in this field. The hostname lookup is performed only once, when xinetd is started, and the first IP address returned is the one that is used until xinetd is restarted. The "server" attribute is not required when this option is specified. If the "server" attribute is specified, this attribute takes priority.