Sampsa Laine <sampsa at mac.com> writes:
On 30 Nov 2013, at 22:25, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
On 30 Nov 2013, at 22:07, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220
Process name: _NTY215:
Username: <login>
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Multinet installed???
Yup lol. I'm an idiot. Actually why is a Telnet login marked as LOCAL when it's marked REMOTE by UCX/TCP/IP Services?
Sampsa
I do believe there's a Multinet Server parameter to change that. Personally,
I believe it SHOULD be remote. It's one way I keep accounts safe; access to
accounts on my system to not maintain REMOTE or DIALUP.
Ok thanks - I was noticing this in my ArcSight monitoring box, DECNET connections were marked as network / remote but tcp/ip were local. Need to change that param at some point..
sampsa
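The mismatch discussed in the message above (a telnet login failure labelled "Local" although the terminal name carries a peer host), as an added example that is not part of the thread: a Python sketch that parses the alarm text before it reaches a monitoring box and reports the label next to what the terminal field shows. The function names and the `CONSOLE_ALARM` sample are constructed here, and the field layout is assumed to be the one quoted in the thread.

```python
import re

# "Key: value" lines of an OPCOM security alarm; keys are letters and spaces only.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s*(.*)$")

# The alarm quoted in the thread (abridged), with mail-style line wrapping kept.
PAGE_ALARM = """\
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX,
system id: 48683
Auditable event: Local interactive login failure
Terminal name: _NTY215:,
122.138.48.116.static.netvigator.com
Status: %LOGIN-F-CMDINPUT, error reading command
input
"""

# Constructed sample: a failure on a directly attached terminal, no peer host.
CONSOLE_ALARM = """\
%%%%%%%%%%% OPCOM 30-NOV-2013 21:40:00.00 %%%%%%%%%%%
Auditable event: Local interactive login failure
Terminal name: _OPA0:
"""

def parse_alarm(text):
    """Return {lower-cased key: value}; wrapped lines join the previous field."""
    fields, key = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = FIELD.match(line)
        if m:
            key = m.group(1).lower()
            fields[key] = m.group(2).strip()
        elif line and key:  # continuation of a wrapped value
            fields[key] = f"{fields[key]} {line}".strip()
    return fields

def login_origin(fields):
    """Compare the event's own label with the terminal name field.
    Assumption: a peer host after the device name means a network login."""
    words = fields.get("auditable event", "").split()
    labelled = words[0].lower() if words else "unknown"
    device, _, host = fields.get("terminal name", "").partition(",")
    host = host.strip()
    return {"labelled": labelled, "device": device.strip(), "host": host,
            "effective": "remote" if host else labelled,
            "mismatch": bool(host) and labelled == "local"}

if __name__ == "__main__":
    print([login_origin(parse_alarm(a)) for a in (PAGE_ALARM, CONSOLE_ALARM)])
```

A record with `mismatch` set is one a rule keyed only on the "Local"/"Remote" wording of the event would file under the wrong origin.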
Sampsa Laine <sampsa at mac.com> writes:
On 30 Nov 2013, at 22:07, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220
Process name: _NTY215:
Username: <login>
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Multinet installed???
Yup lol. I'm an idiot. Actually why is a Telnet login marked as LOCAL when it's marked REMOTE by UCX/TCP/IP Services?
Sampsa
I do believe there's a Multinet Server parameter to change that. Personally,
I believe it SHOULD be remote. It's one way I keep accounts safe; access to
accounts on my system to not maintain REMOTE or DIALUP.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
Hello!
Excellent question. Examine what VMS uses for accounting and security,
it should tell you who's who and what's what regarding that one.
-----
Gregg C Levine gregg.drwho8 at gmail.com
"This signature fought the Time Wars, time and again."
On Sat, Nov 30, 2013 at 5:09 PM, Sampsa Laine <sampsa at mac.com> wrote:
On 30 Nov 2013, at 22:07, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220
Process name: _NTY215:
Username: <login>
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Multinet installed???
Yup lol. I'm an idiot. Actually why is a Telnet login marked as LOCAL when it's marked REMOTE by UCX/TCP/IP Services?
Sampsa
On 30 Nov 2013, at 22:07, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220
Process name: _NTY215:
Username: <login>
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Multinet installed???
Yup lol. I'm an idiot. Actually why is a Telnet login marked as LOCAL when it's marked REMOTE by UCX/TCP/IP Services?
Sampsa
Sampsa Laine <sampsa at mac.com> writes:
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220
Process name: _NTY215:
Username: <login>
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Multinet installed???
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
Just saw this on LABVAX:
%%%%%%%%%%% OPCOM 30-NOV-2013 21:28:47.27 %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event: Local interactive login failure
Event time: 30-NOV-2013 21:28:47.21
PID: 22E00220
Process name: _NTY215:
Username: <login>
Process owner: [SYSTEM]
Terminal name: _NTY215:, 122.138.48.116.static.netvigator.com
Image name: $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status: %LOGIN-F-CMDINPUT, error reading command input
Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Hey Sampsa,
I played and got a high score..
Not sure how to "screen shot" on Mac, but cut and pasted the following from terminal to help verify it.
Oct TETRIS Mark Wickens 7640 1 TETRIS Mike Holmes 9816 18
Sep TETRIS DRB 1040 2 SAMPSA 130 1
Aug SAMPSA [A 126
Jul TETRIS Lanny 740
Jun TETRIS volal 11860
May TETRIS tiguco 2799
Apr TETRIS 14
Mar TETRIS TooCool4Web 4430
Feb TETRIS u 1567
Jan TETRIS 268
Dec TETRIS 128
Nov TETRIS 585
You Are Seated At 1 In tetris Previous Score 2000
Enter Your Name [ Return to Leave ] Current Score 9816
%DCL-E-CAPTINT, captive account - interactive access denied
TETRIS logged out at 30-NOV-2013 03:46:58.48
%REM-S-END, control returned to node MASON::
$
thanks Mike
----------------------------------------
From: sampsa at mac.com
Subject: [HECnet] CHIMPY Retro Tetris Update
Date: Fri, 15 Nov 2013 12:47:15 +0200
To: hecnet at Update.UU.SE
CHIMPY Retro Tetris Update:
Mark Wickens is in the lead with a score of 7,640, followed by Vilaca with 1,574 (score not verified with screenshot so might not count).
Guys, we're still running until 23:59:00 GMT on 31-DEC-2013 so there's plenty of time to win random Arabic money AND certificates of Tetris awesomeness.
Telnet to CHIMPY.SAMPSA.COM or SET HOST CHIMPY, log in as TETRIS.
REMEMBER TO SCREENSHOT YOUR RESULT IF YOU GET A NEW HIGHSCORE. Or at least write down what date/time/node you came from if SET HOST, so I can verify the score..
sampsa <sampsa at mac.com>
mobile +358 40 7208932
On Fri, 29 Nov 2013, Pontus Pihlgren wrote:
On Thu, Nov 28, 2013 at 11:27:42PM +0000, Sampsa Laine wrote:
I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :)
I don't believe in that. But I've always wondered why
ISPs aren't more proactive. You'd think it is in their
interest and they should have the expertise.
It's not in their best interest when the spammers and skiddies pay
$$$...even if the money is stolen.
/P
--
Cory Smelosky
http://gewt.net Personal stuff
http://gimme-sympathy.org Projects
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 29 Nov 2013, at 08:26, Pontus Pihlgren <pontus at Update.UU.SE> wrote:
On Thu, Nov 28, 2013 at 11:27:42PM +0000, Sampsa Laine wrote:
I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :)
I don't believe in that. But I've always wondered why
ISPs aren't more proactive. You'd think it is in their
interest and they should have the expertise.
I wasn't entirely serious but the level of Stupid seems to be growing daily..