The FreeBSD Diary

inetd[128]: auth/tcp server failing (looping), service terminated

I had no idea what it meant.  But if you read man inetd, it explains it:

service/protocol server failing (looping), service terminated. The number of requests for the specified service in the past minute ex- ceeded the limit. The limit exists to prevent a broken program or a ma- licious user from swamping the system. This message may occur for sever- al reasons:

1. There are many hosts requesting the service within a short time period.

2. A broken client program is requesting the service too fre- quently.

3. A malicious user is running a program to invoke the service in a denial-of-service attack.

4. The invoked service program has an error that causes clients to retry quickly.

Use the -R rate option, as described above, to change the rate limit. Once the limit is reached, the service will be reenabled automatically in 10 minutes.

Essentially, inetd is getting more requests for the auth service than it has been told to handle.  The auth service is handled by identd on my box.

# grep inetd /etc/defaults/rc.conf
inetd_enable="YES"       # Run the network daemon dispatcher (or NO).
inetd_flags="-wW"        # Optional flags to inetd

So I added this to /etc/rc.conf:

inetd_flags="-wW -R 1024"        # Optional flags to inetd

Note that you should not modify /etc/defaults/rc.conf.

tcpdump -i ed0 port 113

This command shows me the ongoing mail log:

tail -F /var/log/maillog

I could easily see that when the mail messages started flowing, the auth requests started as well.  That's normal.  Most mail servers act that way.  They use auth as part of the security check.

Then I hup'd inetd:

killall -hup inetd

But after about ten minutes, the problem returned.

killall -term inetd

Then I started inetd using the same flags from /etc/rc.conf:

/usr/sbin/inetd -wW -R 1024

The problem did not recur.  Yea team!