HECnet

hecnet@lists.dfupdate.se

2 participants
15561 discussions

Re: [DECtec] NTP vulnerability in VMS 8.3

by gregg.drwho8＠gmail.com

Hello! The few times I've seen idiots attacking (or even trying to attack) my (What else?) Linux setup via the SSH connection, I imagine them being forced to walk across a desert, with limited supplies. It definitely should be legal. I'm thinking defenestration. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Wed, Jan 8, 2014 at 1:52 PM, Brian Schenkenberger, VAXman- <system at tmesis.com> wrote: Dave McGuire <mcguire at neurotica.com> writes: Yep...some little fucker hosed my network with exactly that bug yesterday, but against a UNIX box. It should be legal to kill these people. ... slow and painfully too! -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 5 months

Re: [DECtec] NTP vulnerability in VMS 8.3

by system＠TMESIS.COM

Dave McGuire <mcguire at neurotica.com> writes: Yep...some little fucker hosed my network with exactly that bug yesterday, but against a UNIX box. It should be legal to kill these people. ... slow and painfully too! -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

11 years, 5 months

Re: [DECtec] NTP vulnerability in VMS 8.3

by mcguire＠neurotica.com

Yep...some little fucker hosed my network with exactly that bug yesterday, but against a UNIX box. It should be legal to kill these people. Anyway, just build ntpd v4.2.7 to replace whatever version you're running. -Dave On 01/08/2014 01:29 PM, Ian McLaughlin wrote: Hello all, Just got an interesting report of a machine of mine with a public IP address that has a vulnerability in NTP that can be used for amplification attacks. I've attached a snippet of the report I was given at the end of this email. If this was Linux, then I'd have no problems dealing with this. However, for VMS I have no idea. Anyone else run in to this? Is there a patch available? I'm running OpenVMS 8.3 with no patches. Thanks in advance for any assistance, and anyone else running public-facing might want to see if this affects them. Ian (snippet follows) In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. CCIRC has received a report indicating a NTP server(s) from your organization could be potentially used in distributed denial of service attacks. In this case, the NTP server is likely open to 'get monlist' requests, which can be leveraged by malicious actors in reflected distributed denial of service attacks. Organizations should consider testing and deploying the latest version of NTP, which does not use the "monlist" command, at the earliest opportunity. If upgrading to the latest version is not immediately feasible, access to the "monlist" command should be disabled. CCIRC recommends organizations review common best practices to harden NTP servers or disable the service if it is not required. Additional guidance on NTP hardening can be found at the following reference: http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html For more information on this method of attack, please review the following references: https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300 CVE-2013-5211 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211 -- Dave McGuire, AK4HZ New Kensington, PA

11 years, 5 months

NTP vulnerability in VMS 8.3

by ian＠platinum.net

Hello all, Just got an interesting report of a machine of mine with a public IP address that has a vulnerability in NTP that can be used for amplification attacks. I've attached a snippet of the report I was given at the end of this email. If this was Linux, then I'd have no problems dealing with this. However, for VMS I have no idea. Anyone else run in to this? Is there a patch available? I'm running OpenVMS 8.3 with no patches. Thanks in advance for any assistance, and anyone else running public-facing might want to see if this affects them. Ian (snippet follows) In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. CCIRC has received a report indicating a NTP server(s) from your organization could be potentially used in distributed denial of service attacks. In this case, the NTP server is likely open to 'get monlist' requests, which can be leveraged by malicious actors in reflected distributed denial of service attacks. Organizations should consider testing and deploying the latest version of NTP, which does not use the "monlist" command, at the earliest opportunity. If upgrading to the latest version is not immediately feasible, access to the "monlist" command should be disabled. CCIRC recommends organizations review common best practices to harden NTP servers or disable the service if it is not required. Additional guidance on NTP hardening can be found at the following reference: http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html For more information on this method of attack, please review the following references: https://isc.sans.edu/forums/diary/NTP+reflection+attack/17300 CVE-2013-5211 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5211

11 years, 5 months

CREATE/TERM gives strange error messages about protocol versions...

by hawk＠hawk.ro

On Jan 7, 2014, at 16:30, Brian Schenkenberger, VAXman- wrote: Johnny Billquist <bqt at softjar.se> writes: On 2014-01-07 14:09, Brian Schenkenberger, VAXman- wrote: Sampsa Laine <sampsa at mac.com> writes: Before this, I did an "xhost +" and ssh'd into RHESUS with X forwarding on. {RHESUS$} create/term X11 connection rejected because of wrong authentication. X connection to _WSA48: broken (explicit kill or server shutdown). X Error of failed request: BadConnection (fatal error on display connection) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 0 Current serial number in output stream: 0 %XLIB-E-ERROREVENT, error event received from server Xlib: client uses different protocol version (11) than server (0)! %DECW-E-CANT_OPEN_DISPL, Can't open display Any idea what is causing this? Server and version? (Assuming you're using your Mac? OSX ???) VMS Arch/Versions? (Assuming a VAX? VMS V?.? TCPIP???)

11 years, 5 months

CREATE/TERM gives strange error messages about protocol versions...

by system＠TMESIS.COM

Johnny Billquist <bqt at softjar.se> writes: On 2014-01-07 14:09, Brian Schenkenberger, VAXman- wrote: Sampsa Laine <sampsa at mac.com> writes: Before this, I did an "xhost +" and ssh'd into RHESUS with X forwarding on. {RHESUS$} create/term X11 connection rejected because of wrong authentication. X connection to _WSA48: broken (explicit kill or server shutdown). X Error of failed request: BadConnection (fatal error on display connection) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 0 Current serial number in output stream: 0 %XLIB-E-ERROREVENT, error event received from server Xlib: client uses different protocol version (11) than server (0)! %DECW-E-CANT_OPEN_DISPL, Can't open display Any idea what is causing this? Server and version? (Assuming you're using your Mac? OSX ???) VMS Arch/Versions? (Assuming a VAX? VMS V?.? TCPIP???)

11 years, 5 months

CREATE/TERM gives strange error messages about protocol versions...

by bqt＠softjar.se

On 2014-01-07 14:09, Brian Schenkenberger, VAXman- wrote: Sampsa Laine <sampsa at mac.com> writes: Before this, I did an "xhost +" and ssh'd into RHESUS with X forwarding on. {RHESUS$} create/term X11 connection rejected because of wrong authentication. X connection to _WSA48: broken (explicit kill or server shutdown). X Error of failed request: BadConnection (fatal error on display connection) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 0 Current serial number in output stream: 0 %XLIB-E-ERROREVENT, error event received from server Xlib: client uses different protocol version (11) than server (0)! %DECW-E-CANT_OPEN_DISPL, Can't open display Any idea what is causing this? Server and version? (Assuming you're using your Mac? OSX ???) VMS Arch/Versions? (Assuming a VAX? VMS V?.? TCPIP???)

11 years, 5 months

Decent OS X terminal that'll let me keys?

by bqt＠softjar.se

On 2014-01-07 06:57, Sampsa Laine wrote: Turns out Terminal.app has built-in support for the keys, being as it derives largely from xterm source code I believe. Obviously it does not, as it has bugs that xterm don't, when it comes to VT100 emulation... Anyway, I've now got my frankenkeyboard for the occasional moments when I really need to edit a file on a VMS box.. Good enough for you then, I guess. :-) Johnny

11 years, 5 months

Writing a VT220 terminal emulator

by mark＠wickensonline.co.uk

That should have been VTSTAR: SLAVE::ARCHIVE$:[MEDIA.DECUS.FREEWAREV70.VTSTAR] or http://hecnert.eu/archive/DECUS/FREEWAREV70/VTSTAR/*.*;* -- http://www.wickensonline.co.uk http://hecnet.eu http://declegacy.org.uk http://retrochallenge.net https://twitter.com/urbancamo

11 years, 5 months

CREATE/TERM gives strange error messages about protocol versions...

by system＠TMESIS.COM

Sampsa Laine <sampsa at mac.com> writes: Before this, I did an "xhost +" and ssh'd into RHESUS with X forwarding on. {RHESUS$} create/term X11 connection rejected because of wrong authentication. X connection to _WSA48: broken (explicit kill or server shutdown). X Error of failed request: BadConnection (fatal error on display connection) Major opcode of failed request: 1 (X_CreateWindow) Serial number of failed request: 0 Current serial number in output stream: 0 %XLIB-E-ERROREVENT, error event received from server Xlib: client uses different protocol version (11) than server (0)! %DECW-E-CANT_OPEN_DISPL, Can't open display Any idea what is causing this? Server and version? (Assuming you're using your Mac? OSX ???) VMS Arch/Versions? (Assuming a VAX? VMS V?.? TCPIP???)

11 years, 5 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

HECnet