- HECnet - lists @ Update

by sampsa＠mac.com

sampsa <sampsa at mac.com> mobile +44 7961 149465 On 14 Jan 2014, at 13:42, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote: Sampsa Laine <sampsa at mac.com> writes: Anybody know what happened with that discussion re: EISNER and HECnet? Also, is EISNER even up any more? I can't seem to connect to it. EISNER is being or has been physically relocated. Once it is back up, I'll see what can be done about getting it connected to HECnet. I have no idea what'll be available network-wise/router-wise until EISNER is back on-line. Mind you with such a large change anyway, it might be a good time to "sneak in" the connection to HECnet :)

11 years, 6 months

1
0
0 0

EISNER?

by system＠TMESIS.COM

Sampsa Laine <sampsa at mac.com> writes: Anybody know what happened with that discussion re: EISNER and HECnet? Also, is EISNER even up any more? I can't seem to connect to it. EISNER is being or has been physically relocated. Once it is back up, I'll see what can be done about getting it connected to HECnet. I have no idea what'll be available network-wise/router-wise until EISNER is back on-line. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 6 months

1
0
0 0

Re: TOPS-20 on HECnet?

by phiber＠phiber.com

I'm only ever seeing LAT and MOP packets coming over the bridge; my DECnet 0x6003 packets get silently ignored, and I never see any coming from the far end of the bridge. Is anyone willing to bridge with me as a test for comparison? I don't yet have an area assigned by Johnny since I only have one machine at present (but that may change), so I've been using the same area number as the remote bridge peer. -Mark On Mon, Jan 13, 2014 at 10:45 PM, Mark Abene <phiber at phiber.com> wrote: OK, I'm at the hair-tearing-out stage... Who here has a TOPS-20 system connected to HECnet? I'm trying to peer with Sampsa with "bridge" in his same area as an endnode. Bridge works fine on my end, lots of activity in debug mode, and I see lots of node number entries if I send it a SIGUSR1. However I never "see" the adjacent node in NCP, though my circuit and line are up and active. Adding a few nodes manually with NCP SET NODE and then trying a SET HOST in the monitor just times out. If I do this while watching my ethernet with tcpdump, I see my real DECnet traffic, immediately followed by its encapsulated udp packet going out over port 4711. However, I never get any responses to my SET HOST from the remote bridge side. Any suggestions on debugging this? Thanks, Mark

11 years, 6 months

1
0
0 0

EISNER?

by johnhreinhardt＠yahoo.com

On 1/13/2014 9:35 PM, Sampsa Laine wrote: Anybody know what happened with that discussion re: EISNER and HECnet? Also, is EISNER even up any more? I can't seem to connect to it. sampsa <sampsa at mac.com> mobile +44 7961 149465 Eisner is down for a physical move. Last I saw posted was on 7-Jan-2014 on comp.os.vms was that they expected it back up "soon". It was moving from Wisconsin to the Nemonix HQ in Massachusetts. https://groups.google.com/forum/?fromgroups#!topic/comp.os.vms/qh3oFl11Olw John H. Reinhardt

11 years, 6 months

1
0
0 0

TOPS-20 on HECnet?

by phiber＠phiber.com

OK, I'm at the hair-tearing-out stage... Who here has a TOPS-20 system connected to HECnet? I'm trying to peer with Sampsa with "bridge" in his same area as an endnode. Bridge works fine on my end, lots of activity in debug mode, and I see lots of node number entries if I send it a SIGUSR1. However I never "see" the adjacent node in NCP, though my circuit and line are up and active. Adding a few nodes manually with NCP SET NODE and then trying a SET HOST in the monitor just times out. If I do this while watching my ethernet with tcpdump, I see my real DECnet traffic, immediately followed by its encapsulated udp packet going out over port 4711. However, I never get any responses to my SET HOST from the remote bridge side. Any suggestions on debugging this? Thanks, Mark

11 years, 6 months

1
0
0 0

EISNER?

by sampsa＠mac.com

Anybody know what happened with that discussion re: EISNER and HECnet? Also, is EISNER even up any more? I can't seem to connect to it. sampsa <sampsa at mac.com> mobile +44 7961 149465

11 years, 6 months

1
0
0 0

Cisco config tool

by b4＠gewt.net

On Sun, 12 Jan 2014, Brian Hechinger wrote: Has been offline for almost a week now. I let the colo host at OVH expire because while it was a good deal the network connectivity was very bad. I'll be moving it to the host Ian has running hopefully sometime this week. Stay tuned for details. -brian Replying to this made Alpine dump core...Hmmm. I was wondering about that. Not surprised to hear OVH connectivity wasn't fantastic. -- Cory Smelosky http://gewt.net Personal stuff http://gimme-sympathy.org Projects

11 years, 6 months

1
0
0 0

Cisco config tool

by wonko＠4amlunch.net

Has been offline for almost a week now. I let the colo host at OVH expire because while it was a good deal the network connectivity was very bad. I'll be moving it to the host Ian has running hopefully sometime this week. Stay tuned for details. -brian

11 years, 6 months

1
0
0 0

[DECtec] NTP vulnerability in VMS 8.3

by sampsa＠mac.com

Actually, no one has resumed their "hacking" after I launch my anti-hacking script. I'm happy with my method. sampsa <sampsa at mac.com> mobile +44 7961 149465 On 8 Jan 2014, at 23:08, Sampsa Laine <sampsa at mac.com> wrote: They can try, none have succeeded so far. They're script kiddies / bots anyway. sampsa <sampsa at mac.com> mobile +44 7961 149465 On 8 Jan 2014, at 23:01, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote: Sampsa Laine <sampsa at mac.com> writes: On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote: I've seen idiots attacking ... via the SSH connection,=20 =20 FWIW, I've put all my public SSH ports on non-standard port numbers. = It's pretty much eliminated all the attacks. =20 I think most of these attackers are bots and script kiddies, and they = only try the well known ports. =20 Bob =20 =20 =20 I personally run sshd in pubkey auth mode only, and when I see login = attempts, I bombard the source IP with packets using nmap. Tends to stop = them in about 30-90 secs. You'd still be beter off running it on a non-standard port. Also, doing onto others as they do on to you should be reserved only for good tasks; bombing the source is a good way to get them to really go after you and your systems. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by b4＠gewt.net

On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote: Cory Smelosky <b4 at gewt.net> writes: On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote: You'd still be beter off running it on a non-standard port. Also, doing onto others as they do on to you should be reserved only for good tasks; bombing the source is a good way to get them to really go after you and your systems. So long as that's not the only method of "security" used. Auto portscan and quick telnet probe can find SSH on port 1337 instead of 22 with ease. It's no security! It does, however, keep the persistent port scanners from consuming system resources. On VMS, touching the ssh port will initiate a process to handle the authentication and create a pseudo-terminal for each instance of a possible ssh session. This wastes process slots and carves a lot of memory from the NPP. Ahhhhh. I get what you're saying. I wasn't thinking in a VMS sense. That is certainly sensible. -- Cory Smelosky http://gewt.net Personal stuff http://gimme-sympathy.org Projects

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by system＠TMESIS.COM

Cory Smelosky <b4 at gewt.net> writes: On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote: You'd still be beter off running it on a non-standard port. Also, doing onto others as they do on to you should be reserved only for good tasks; bombing the source is a good way to get them to really go after you and your systems. So long as that's not the only method of "security" used. Auto portscan and quick telnet probe can find SSH on port 1337 instead of 22 with ease. It's no security! It does, however, keep the persistent port scanners from consuming system resources. On VMS, touching the ssh port will initiate a process to handle the authentication and create a pseudo-terminal for each instance of a possible ssh session. This wastes process slots and carves a lot of memory from the NPP. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by sampsa＠mac.com

They can try, none have succeeded so far. They're script kiddies / bots anyway. sampsa <sampsa at mac.com> mobile +44 7961 149465 On 8 Jan 2014, at 23:01, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote: Sampsa Laine <sampsa at mac.com> writes: On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote: I've seen idiots attacking ... via the SSH connection,=20 =20 FWIW, I've put all my public SSH ports on non-standard port numbers. = It's pretty much eliminated all the attacks. =20 I think most of these attackers are bots and script kiddies, and they = only try the well known ports. =20 Bob =20 =20 =20 I personally run sshd in pubkey auth mode only, and when I see login = attempts, I bombard the source IP with packets using nmap. Tends to stop = them in about 30-90 secs. You'd still be beter off running it on a non-standard port. Also, doing onto others as they do on to you should be reserved only for good tasks; bombing the source is a good way to get them to really go after you and your systems. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by b4＠gewt.net

On Wed, 8 Jan 2014, Brian Schenkenberger, VAXman- wrote: You'd still be beter off running it on a non-standard port. Also, doing onto others as they do on to you should be reserved only for good tasks; bombing the source is a good way to get them to really go after you and your systems. So long as that's not the only method of "security" used. Auto portscan and quick telnet probe can find SSH on port 1337 instead of 22 with ease. -- Cory Smelosky http://gewt.net Personal stuff http://gimme-sympathy.org Projects

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by system＠TMESIS.COM

Sampsa Laine <sampsa at mac.com> writes: On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote: I've seen idiots attacking ... via the SSH connection,=20 =20 FWIW, I've put all my public SSH ports on non-standard port numbers. = It's pretty much eliminated all the attacks. =20 I think most of these attackers are bots and script kiddies, and they = only try the well known ports. =20 Bob =20 =20 =20 I personally run sshd in pubkey auth mode only, and when I see login = attempts, I bombard the source IP with packets using nmap. Tends to stop = them in about 30-90 secs. You'd still be beter off running it on a non-standard port. Also, doing onto others as they do on to you should be reserved only for good tasks; bombing the source is a good way to get them to really go after you and your systems. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by bob＠jfcl.com

I personally run sshd in pubkey auth mode only, Oh - I forgot, I do that too. No keyboard authentication allowed. Bob

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by sampsa＠mac.com

On 8 Jan 2014, at 22:30, Bob Armstrong <bob at jfcl.com> wrote: I've seen idiots attacking ... via the SSH connection, FWIW, I've put all my public SSH ports on non-standard port numbers. It's pretty much eliminated all the attacks. I think most of these attackers are bots and script kiddies, and they only try the well known ports. Bob I personally run sshd in pubkey auth mode only, and when I see login attempts, I bombard the source IP with packets using nmap. Tends to stop them in about 30-90 secs.

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by bob＠jfcl.com

I've seen idiots attacking ... via the SSH connection, FWIW, I've put all my public SSH ports on non-standard port numbers. It's pretty much eliminated all the attacks. I think most of these attackers are bots and script kiddies, and they only try the well known ports. Bob

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by gregg.drwho8＠gmail.com

Hello! The few times I've seen idiots attacking (or even trying to attack) my (What else?) Linux setup via the SSH connection, I imagine them being forced to walk across a desert, with limited supplies. It definitely should be legal. I'm thinking defenestration. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Wed, Jan 8, 2014 at 1:52 PM, Brian Schenkenberger, VAXman- <system at tmesis.com> wrote: Dave McGuire <mcguire at neurotica.com> writes: Yep...some little fucker hosed my network with exactly that bug yesterday, but against a UNIX box. It should be legal to kill these people. ... slow and painfully too! -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by system＠TMESIS.COM

Dave McGuire <mcguire at neurotica.com> writes: Yep...some little fucker hosed my network with exactly that bug yesterday, but against a UNIX box. It should be legal to kill these people. ... slow and painfully too! -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 6 months

1
0
0 0

Re: [DECtec] NTP vulnerability in VMS 8.3

by mcguire＠neurotica.com

Yep...some little fucker hosed my network with exactly that bug yesterday, but against a UNIX box. It should be legal to kill these people. Anyway, just build ntpd v4.2.7 to replace whatever version you're running. -Dave On 01/08/2014 01:29 PM, Ian McLaughlin wrote: Hello all, Just got an interesting report of a machine of mine with a public IP address that has a vulnerability in NTP that can be used for amplification attacks. I've attached a snippet of the report I was given at the end of this email. If this was Linux, then I'd have no problems dealing with this. However, for VMS I have no idea. Anyone else run in to this? Is there a patch available? I'm running OpenVMS 8.3 with no patches. Thanks in advance for any assistance, and anyone else running public-facing might want to see if this affects them. Ian (snippet follows) In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. CCIRC has received a report indicating a NTP server(s) from your organization could be potentially used in distributed denial of service attacks. In this case, the NTP server is likely open to 'get monlist' requests, which can be leveraged by malicious actors in reflected distributed denial of service attacks. Organizations should consider testing and deploying the latest version of NTP, which does not use the "monlist" command, at the earliest opportunity. If upgrading to the latest version is not immediately feasible, access to the "monlist" command should be disabled. CCIRC recommends organizations review common best practices to harden NTP servers or disable the service if it is not required. Additional guidance on NTP hardening can be found at the following reference: http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html For more information on this method of attack, please review the following references: https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300 CVE-2013-5211 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211 -- Dave McGuire, AK4HZ New Kensington, PA

11 years, 6 months

1
0
0 0

NTP vulnerability in VMS 8.3

by ian＠platinum.net

Hello all, Just got an interesting report of a machine of mine with a public IP address that has a vulnerability in NTP that can be used for amplification attacks. I've attached a snippet of the report I was given at the end of this email. If this was Linux, then I'd have no problems dealing with this. However, for VMS I have no idea. Anyone else run in to this? Is there a patch available? I'm running OpenVMS 8.3 with no patches. Thanks in advance for any assistance, and anyone else running public-facing might want to see if this affects them. Ian (snippet follows) In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. CCIRC has received a report indicating a NTP server(s) from your organization could be potentially used in distributed denial of service attacks. In this case, the NTP server is likely open to 'get monlist' requests, which can be leveraged by malicious actors in reflected distributed denial of service attacks. Organizations should consider testing and deploying the latest version of NTP, which does not use the "monlist" command, at the earliest opportunity. If upgrading to the latest version is not immediately feasible, access to the "monlist" command should be disabled. CCIRC recommends organizations review common best practices to harden NTP servers or disable the service if it is not required. Additional guidance on NTP hardening can be found at the following reference: http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html For more information on this method of attack, please review the following references: https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300 CVE-2013-5211 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211

11 years, 6 months

1
0
0 0

CREATE/TERM gives strange error messages about protocol versions...

by hawk＠hawk.ro

On Jan 7, 2014, at 16:30, Brian Schenkenberger, VAXman- wrote: Johnny Billquist <bqt at softjar.se> writes: On 2014-01-07 14:09, Brian Schenkenberger, VAXman- wrote: Sampsa Laine <sampsa at mac.com> writes: Before this, I did an "xhost +" and ssh'd into RHESUS with X forwarding on. {RHESUS$} create/term X11 connection rejected because of wrong authentication. X connection to _WSA48: broken (explicit kill or server shutdown). X Error of failed request: BadConnection (fatal error on display connection) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 0 Current serial number in output stream: 0 %XLIB-E-ERROREVENT, error event received from server Xlib: client uses different protocol version (11) than server (0)! %DECW-E-CANT_OPEN_DISPL, Can't open display Any idea what is causing this? Server and version? (Assuming you're using your Mac? OSX ???) VMS Arch/Versions? (Assuming a VAX? VMS V?.? TCPIP???)

11 years, 6 months

1
0
0 0

CREATE/TERM gives strange error messages about protocol versions...

by system＠TMESIS.COM

Johnny Billquist <bqt at softjar.se> writes: On 2014-01-07 14:09, Brian Schenkenberger, VAXman- wrote: Sampsa Laine <sampsa at mac.com> writes: Before this, I did an "xhost +" and ssh'd into RHESUS with X forwarding on. {RHESUS$} create/term X11 connection rejected because of wrong authentication. X connection to _WSA48: broken (explicit kill or server shutdown). X Error of failed request: BadConnection (fatal error on display connection) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 0 Current serial number in output stream: 0 %XLIB-E-ERROREVENT, error event received from server Xlib: client uses different protocol version (11) than server (0)! %DECW-E-CANT_OPEN_DISPL, Can't open display Any idea what is causing this? Server and version? (Assuming you're using your Mac? OSX ???) VMS Arch/Versions? (Assuming a VAX? VMS V?.? TCPIP???)

11 years, 6 months

1
0
0 0

CREATE/TERM gives strange error messages about protocol versions...

by bqt＠softjar.se

On 2014-01-07 14:09, Brian Schenkenberger, VAXman- wrote: Sampsa Laine <sampsa at mac.com> writes: Before this, I did an "xhost +" and ssh'd into RHESUS with X forwarding on. {RHESUS$} create/term X11 connection rejected because of wrong authentication. X connection to _WSA48: broken (explicit kill or server shutdown). X Error of failed request: BadConnection (fatal error on display connection) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 0 Current serial number in output stream: 0 %XLIB-E-ERROREVENT, error event received from server Xlib: client uses different protocol version (11) than server (0)! %DECW-E-CANT_OPEN_DISPL, Can't open display Any idea what is causing this? Server and version? (Assuming you're using your Mac? OSX ???) VMS Arch/Versions? (Assuming a VAX? VMS V?.? TCPIP???)

11 years, 6 months

1
0
0 0

Decent OS X terminal that'll let me keys?

by bqt＠softjar.se

On 2014-01-07 06:57, Sampsa Laine wrote: Turns out Terminal.app has built-in support for the keys, being as it derives largely from xterm source code I believe. Obviously it does not, as it has bugs that xterm don't, when it comes to VT100 emulation... Anyway, I've now got my frankenkeyboard for the occasional moments when I really need to edit a file on a VMS box.. Good enough for you then, I guess. :-) Johnny

11 years, 6 months

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

HECnet