On 26 Nov 2013, at 23:08, Hans Vlems <hvlems at zonnet.nl> wrote:
No, I get telnet attempts from it, es and nl domains lately. I put a text in sys$announce that tells the, error, user that the system is privately owned, alle access attempts are logged and monitored and that unauthorized access is not allowed. The attempts are now down to a couple every 24 hours and no longer every 5 minutes.
Just got an SSH bruteforce attempt from Korea, decided to have a look at the chap's machine:
nmap -p1-65535 -T5 -sV -oAhax0r -P0 14.63.222.153
The "attack" stopped pretty quickly after that lol.
Sampsa
Anybody have an idea of how many amps (at 220V) a DS10 with 3 HDDs will consume?
What about an rx2600?
sampsa <sampsa at mac.com>
mobile +44 7961 149465
No, I get telnet attempts from it, es and nl domains lately. I put a text in sys$announce that tells the, error, user that the system is privately owned, alle access attempts are logged and monitored and that unauthorized access is not allowed. The attempts are now down to a couple every 24 hours and no longer every 5 minutes.
Hans
Van: Sampsa Laine
Verzonden: dinsdag 26 november 2013 23:32
Aan: hecnet at Update.UU.SE
Beantwoorden: hecnet at Update.UU.SE
Onderwerp: [HECnet] Telnet/SSH attacks
Am I the only one who's almost constantly being hit by login scans (usually from China or weird places like Kazakhstan - sorry Oleg) on their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just part of a larger scan so if you guys are getting hit as well, I won't worry that I'm being targeted :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Stupid! Disable TELNET for anything but your local net. You do NOT want
plain text sent over the internet!
Also, SSH2 kills the CPU on a lot of VAX boxes. I'm toying with the idea of a SSH-only jumpbox..
On 26 Nov 2013, at 22:56, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Dennis Boone <drb at msu.edu> writes:
Am I the only one who's almost constantly being hit by login scans
(usually from China or weird places like Kazakhstan - sorry Oleg) on
their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just
part of a larger scan so if you guys are getting hit as well, I won't
worry that I'm being targeted :)
Pretty much if it's connected to the internet, it's getting
dictionary-scanned on any open telnet and ssh ports. The scanners have
gotten a little smarter in the last 8 years or so -- they no longer
generate so many parallel connections that you notice them because of
load or socket starvation.
I put in firewall rules to block addresses which generate too many ssh
connections in a period of time, mostly to prevent the log spam.
Stupid! Disable TELNET for anything but your local net. You do NOT want
plain text sent over the internet!
As for SSH, moving it off of port 22 seems to quiet things down. Use one
of the port numbers in the ephemeral range like 22222. Of course, you'll
need to tell your ssh client that you're using a different port using the
-p option.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
I agree with both points for production "real" boxes, SSH in pubkey mode on random port, no telnet.
But for public access hobby systems that significantly increases the barrier to entry for new users. I run SSH but in pubkey mode only, Telnet is used by the vast majority of my users, these are hobby system, I haven't had any complaints.
Dennis Boone <drb at msu.edu> writes:
Am I the only one who's almost constantly being hit by login scans
(usually from China or weird places like Kazakhstan - sorry Oleg) on
their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just
part of a larger scan so if you guys are getting hit as well, I won't
worry that I'm being targeted :)
Pretty much if it's connected to the internet, it's getting
dictionary-scanned on any open telnet and ssh ports. The scanners have
gotten a little smarter in the last 8 years or so -- they no longer
generate so many parallel connections that you notice them because of
load or socket starvation.
I put in firewall rules to block addresses which generate too many ssh
connections in a period of time, mostly to prevent the log spam.
Stupid! Disable TELNET for anything but your local net. You do NOT want
plain text sent over the internet!
As for SSH, moving it off of port 22 seems to quiet things down. Use one
of the port numbers in the ephemeral range like 22222. Of course, you'll
need to tell your ssh client that you're using a different port using the
-p option.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
On 26 Nov 2013, at 22:45, Mark Benson <md.benson at gmail.com> wrote:
We get them by the shedload on our work hosting server. We run CPHulk on there to keep them out. I'd suggest implementing some kind of 'block IP for 24 hrs after x failed logins' scheme if you can. That usually forces them to move on.
Nah, they make good target practice and a real data source for my SIEM :)
Hello!
Oddly enough when my system is showing that port, then yes. But not as
many. I run a program on it that works along the lines of, you get
three tries, and then shown the doors.
-----
Gregg C Levine gregg.drwho8 at gmail.com
"This signature fought the Time Wars, time and again."
On Tue, Nov 26, 2013 at 5:32 PM, Sampsa Laine <sampsa at mac.com> wrote:
Am I the only one who's almost constantly being hit by login scans (usually from China or weird places like Kazakhstan - sorry Oleg) on their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just part of a larger scan so if you guys are getting hit as well, I won't worry that I'm being targeted :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Am I the only one who's almost constantly being hit by login scans
(usually from China or weird places like Kazakhstan - sorry Oleg) on
their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just
part of a larger scan so if you guys are getting hit as well, I won't
worry that I'm being targeted :)
Pretty much if it's connected to the internet, it's getting
dictionary-scanned on any open telnet and ssh ports. The scanners have
gotten a little smarter in the last 8 years or so -- they no longer
generate so many parallel connections that you notice them because of
load or socket starvation.
I put in firewall rules to block addresses which generate too many ssh
connections in a period of time, mostly to prevent the log spam.
De
We get them by the shedload on our work hosting server. We run CPHulk on there to keep them out. I'd suggest implementing some kind of 'block IP for 24 hrs after x failed logins' scheme if you can. That usually forces them to move on.
On 26 Nov 2013 22:32, "Sampsa Laine" <sampsa at mac.com> wrote:
Am I the only one who's almost constantly being hit by login scans (usually from China or weird places like Kazakhstan - sorry Oleg) on their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just part of a larger scan so if you guys are getting hit as well, I won't worry that I'm being targeted :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
Am I the only one who's almost constantly being hit by login scans (usually from China or weird places like Kazakhstan - sorry Oleg) on their Internet facing Telnet/SSH ports?
It's not like they get in or anything, my guess is that this is just part of a larger scan so if you guys are getting hit as well, I won't worry that I'm being targeted :)
sampsa <sampsa at mac.com>
mobile +44 7961 149465
On 25 Nov 2013, at 09:01, Erik Olofsen <e.olofsen at xs4all.nl> wrote:
And recent XTerm versions are capable of displaying Sixel graphics, but need to be configured/compiled with --enable-sixel-graphics!
Erik
Got something that'll build with a simple "./configure ; make ; make install" on OS X?
I find building Unix stuff on OS X tedious, something's always broken with dyld or something..
And recent XTerm versions are capable of displaying Sixel graphics, but need to be configured/compiled with --enable-sixel-graphics!
Erik
On Mon, Nov 25, 2013 at 08:30:50AM +0000, Sampsa Laine wrote:
On 24 Nov 2013, at 22:58, Johnny Billquist <bqt at softjar.se> wrote:
I can only agree. I've checked both iTerm and iTerm2 several times, and the terminal emulation sucks. Not usable, if you ask me.
The only decent VT emulation I know of (apart from DEC stuff) is actually xterm. And xterm is available on a MAC as well.
That, along with a full MAC keyboard (the one with the numeric keypad) will do pretty much all keys you'd normally want straight out of the box.
And xmodmap is your friend, if you want to customize things more, along with the resources for xterm.
It's weird, I just haven't had these problems with either Terminal.app or iTerm/iTerm2 - but I guess if they get irritating enough I'll swap to xterm.
sampsa
On 24 Nov 2013, at 22:58, Johnny Billquist <bqt at softjar.se> wrote:
I can only agree. I've checked both iTerm and iTerm2 several times, and the terminal emulation sucks. Not usable, if you ask me.
The only decent VT emulation I know of (apart from DEC stuff) is actually xterm. And xterm is available on a MAC as well.
That, along with a full MAC keyboard (the one with the numeric keypad) will do pretty much all keys you'd normally want straight out of the box.
And xmodmap is your friend, if you want to customize things more, along with the resources for xterm.
It's weird, I just haven't had these problems with either Terminal.app or iTerm/iTerm2 - but I guess if they get irritating enough I'll swap to xterm.
sampsa
On 2013-11-24 18:24, Brian Schenkenberger, VAXman- wrote:
Sampsa Laine <sampsa at mac.com> writes:
So I've had this idea for a while and FINALLY got my hands on a "proper" =
Mac 100+ key keyboard.
iTerm2.app will let me map pretty much any key to any escape sequence, =
what do you guys think of the following layout (had to be a bit =
'creative' and move some keys around):
http://sampsa.com/maclk.jpg
I'd have to ask you why "set C" is not the PF1 through PF4???
FWIW, the iTerm.app and iTerm2.app both have pretty awful VT emulations. If
you really want/need to use a VT terminal, assuming your target is VMS, then
issue $CREATE/TERMINAL with the VMS display set to your Mac. If you use ssh,
this is much simpler to establish, simply use the -X switch with ssh command.
You'll find that the Mac keyboard you've shown in your URL maps nicely under
the DECterm which will be launched on your Mac. A few minor Xmodmap commands
or mods of the Xresource file will make things seem much more like an LK key-
board.
I can only agree. I've checked both iTerm and iTerm2 several times, and the terminal emulation sucks. Not usable, if you ask me.
The only decent VT emulation I know of (apart from DEC stuff) is actually xterm. And xterm is available on a MAC as well.
That, along with a full MAC keyboard (the one with the numeric keypad) will do pretty much all keys you'd normally want straight out of the box.
And xmodmap is your friend, if you want to customize things more, along with the resources for xterm.
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol
On 24.11.2013 11:27, Google wrote:
On 23 Nov 2013, at 22:17, Hans Vlems <hvlems at zonnet.nl
<mailto:hvlems at zonnet.nl>> wrote:
An rx2600 has ecc memory. Not terribly expensive to replace though
Does the rx2600 take the same ram and the zx6000? If so you are welcome
to have some of mine if you need to, I ve got 24GB of it and took most
of it out to save power consumption! :)
--
Mark Benson
http://DECtec.info
Twitter: @DECtecInfo
HECnet: STAR69::MARK
Online Resource & Mailing List for DEC Enthusiasts.
Both use the same ram.
They are almost the same machine. Only a few small details are different.
Kari
sampsa <sampsa at mac.com>
mobile +358 40 7208932
On 24 Nov 2013, at 17:24, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:
Sampsa Laine <sampsa at mac.com> writes:
So I've had this idea for a while and FINALLY got my hands on a "proper" =
Mac 100+ key keyboard.
iTerm2.app will let me map pretty much any key to any escape sequence, =
what do you guys think of the following layout (had to be a bit =
'creative' and move some keys around):
http://sampsa.com/maclk.jpg
I'd have to ask you why "set C" is not the PF1 through PF4???
I thought about that, put since I've never actually used an LK keyboard for any amount of time I have problems with muscle memory. They'd be easy to swap around of course.
As for the VT problems in iTerm2 I haven't come across anything debilitating, at least in VMS - if I could do this in Terminal.app I would.
Tunnelling X on the links I'll be working on is not an option, unfortunately.
In any case, aside from the location of the PF keys, is that more or less a complete LK-style keyboard or am I missing something? Also looking at an image of the LK keyboard I saw that a lot of the keys had values printed "in the front" (e.g. Find has Home Cursor on it as well), are those shifted or? Should I add escape sequences for those as well, are they commonly used?
Sampsa
Sampsa Laine <sampsa at mac.com> writes:
So I've had this idea for a while and FINALLY got my hands on a "proper" =
Mac 100+ key keyboard.
iTerm2.app will let me map pretty much any key to any escape sequence, =
what do you guys think of the following layout (had to be a bit =
'creative' and move some keys around):
http://sampsa.com/maclk.jpg
I'd have to ask you why "set C" is not the PF1 through PF4???
FWIW, the iTerm.app and iTerm2.app both have pretty awful VT emulations. If
you really want/need to use a VT terminal, assuming your target is VMS, then
issue $CREATE/TERMINAL with the VMS display set to your Mac. If you use ssh,
this is much simpler to establish, simply use the -X switch with ssh command.
You'll find that the Mac keyboard you've shown in your URL maps nicely under
the DECterm which will be launched on your Mac. A few minor Xmodmap commands
or mods of the Xresource file will make things seem much more like an LK key-
board.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
Well I speak to machines with the voice of humanity.
So I've had this idea for a while and FINALLY got my hands on a "proper" Mac 100+ key keyboard.
iTerm2.app will let me map pretty much any key to any escape sequence, what do you guys think of the following layout (had to be a bit 'creative' and move some keys around):
http://sampsa.com/maclk.jpg
sampsa <sampsa at mac.com>
mobile +358 40 7208932
On 24 Nov 2013, at 09:27, Google <md.benson at gmail.com> wrote:
On 23 Nov 2013, at 22:17, Hans Vlems <hvlems at zonnet.nl> wrote:
An rx2600 has ecc memory. Not terribly expensive to replace though
Does the rx2600 take the same ram and the zx6000? If so you are welcome to have some of mine if you need to, I ve got 24GB of it and took most of it out to save power consumption! :)
Might do - I might actually up the RAM on it since I won't be paying the power bill in the colo :)
On 23 Nov 2013, at 22:17, Hans Vlems <hvlems at zonnet.nl> wrote:
An rx2600 has ecc memory. Not terribly expensive to replace though
Does the rx2600 take the same ram and the zx6000? If so you are welcome to have some of mine if you need to, I ve got 24GB of it and took most of it out to save power consumption! :)
--
Mark Benson
http://DECtec.info
Twitter: @DECtecInfo
HECnet: STAR69::MARK
Online Resource & Mailing List for DEC Enthusiasts.
Sampsa, it might have been a fluke ( or a passing neutrino :)
Van: Sampsa Laine
Verzonden: zaterdag 23 november 2013 23:47
Aan: hecnet at Update.UU.SE
Beantwoorden: hecnet at Update.UU.SE
Onderwerp: Re: [HECnet] RHESUS is back up
On 23 Nov 2013, at 22:45, Kari Uusim ki <uusimaki at exdecfinland.org> wrote:
> On 23.11.2013 0:27, Sampsa Laine wrote:
>> Something had gone horribly wrong with RHESUS, one of its front panel LEDs was flashing red.
>>
>> A power cycle however restored normal functionality and the system is now running again, so the MEDIALIB and web services are up again.
>>
>> If this happens again I will probably replace the hardware - fixing Integrity is probably going to cost me more than just getting another one off eBay...:) It's had a good innings, I bought it about 4 years ago and it's been running ever since.
>>
>> sampsa <sampsa at mac.com>
>> mobile +358 40 7208932
>>
>>
>> .
>>
>
> Did you check the error based on the LED behaviour?
> If you know which LED was flashing red, you can check in the manual what kind of a failure there was. Could be a fan failing as well.
>
I seriously don't have the time to track this down right now, a cold boot fixed it, just hoping it was a one-off.
Thanks for the advice though.
sampsa <sampsa at mac.com>
On 23 Nov 2013, at 22:45, Kari Uusim ki <uusimaki at exdecfinland.org> wrote:
On 23.11.2013 0:27, Sampsa Laine wrote:
Something had gone horribly wrong with RHESUS, one of its front panel LEDs was flashing red.
A power cycle however restored normal functionality and the system is now running again, so the MEDIALIB and web services are up again.
If this happens again I will probably replace the hardware - fixing Integrity is probably going to cost me more than just getting another one off eBay...:) It's had a good innings, I bought it about 4 years ago and it's been running ever since.
sampsa <sampsa at mac.com>
mobile +358 40 7208932
.
Did you check the error based on the LED behaviour?
If you know which LED was flashing red, you can check in the manual what kind of a failure there was. Could be a fan failing as well.
I seriously don't have the time to track this down right now, a cold boot fixed it, just hoping it was a one-off.
Thanks for the advice though.
sampsa <sampsa at mac.com>
On 23.11.2013 0:27, Sampsa Laine wrote:
Something had gone horribly wrong with RHESUS, one of its front panel LEDs was flashing red.
A power cycle however restored normal functionality and the system is now running again, so the MEDIALIB and web services are up again.
If this happens again I will probably replace the hardware - fixing Integrity is probably going to cost me more than just getting another one off eBay...:) It's had a good innings, I bought it about 4 years ago and it's been running ever since.
sampsa <sampsa at mac.com>
mobile +358 40 7208932
.
Did you check the error based on the LED behaviour?
If you know which LED was flashing red, you can check in the manual what kind of a failure there was. Could be a fan failing as well.
Kari