HECnet

hecnet@lists.dfupdate.se

7 participants
15595 discussions

by system＠TMESIS.COM

Sampsa Laine <sampsa at mac.com> writes: {...snip...} It is getting ludicrous. Soon we'll all be behind NAT "for our own = safety". Ugh. NAT doesn't necessarily provide you or buy you any better security. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

12 years, 3 months

Telnet/SSH attacks

by sampsa＠mac.com

On 29 Nov 2013, at 03:48, Gregg Levine <gregg.drwho8 at gmail.com> wrote: Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? It's hosted in a colo facility operated by NETRIPLEX LLC - I actually sent them the message as an act of goodwill, the PBX operator probably DOESN'T want to be compromised like this :) A compromised NAS, interesting. It might have been deliberately spun up that way..... That was in China - I don't even bother contacting their abuse points, useless... And I agree with you regarding the drivers license and the server issues. It is getting ludicrous. Soon we'll all be behind NAT "for our own safety". Ugh.

12 years, 3 months

Telnet/SSH attacks

by gregg.drwho8＠gmail.com

Hello! Interesting problem that one, Sampsa as applied to the Asterisk PBX. Now the important question, who is or was hosting them? I might know of them? A compromised NAS, interesting. It might have been deliberately spun up that way..... And I agree with you regarding the drivers license and the server issues. ----- Gregg C Levine gregg.drwho8 at gmail.com "This signature fought the Time Wars, time and again." On Thu, Nov 28, 2013 at 6:27 PM, Sampsa Laine <sampsa at mac.com> wrote: Took out another 5 or so attackers today, actually reported one Asterisk PBX (weird, right) to their hosting company in the US, figured they are compromised. All of the hosts I've scanned are basically compromised systems, some poor guys server or the latest one, a NAS unit with all its management ports accessible through the Internet. I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :) sampsa <sampsa at mac.com> mobile +44 7961 149465

12 years, 3 months

Telnet/SSH attacks

by sampsa＠mac.com

Took out another 5 or so attackers today, actually reported one Asterisk PBX (weird, right) to their hosting company in the US, figured they are compromised. All of the hosts I've scanned are basically compromised systems, some poor guys server or the latest one, a NAS unit with all its management ports accessible through the Internet. I think we'll need some kind of driving license system for running servers at some point, this botnet stuff is just ridiculous :) sampsa <sampsa at mac.com> mobile +44 7961 149465

12 years, 3 months

Fun and Games: Only one month left on the CHIMPY:: Tetris Challenge 2013!

by sampsa＠mac.com

Guys, I'm running a VT100 Tetris competition on CHIMPY::. There's actual prizes and everything! You get a Tetris Ninja certificate along with the stuff listed below. If you DO get a high score (1st or 2nd place) PLEASE screenshot the name entry screen and email it to tetris at sampsa.com Access: telnet to chimpy.sampsa.com, log in as tetris Prizes / General Blurb ====================== CHIMPY:: VT100 (well VT220 if you have it) Tetris challenge relaunched! Last year's winner never claimed his price, my suspicions being that he didn't trust banker's drafts from obscure countries like the United Kingdom of Great Britain and Northern Ireland. So this year the price has not only been increased in total monetary value, but it is issued in CASH. That's right, the winner will get LL 25,000 (TWENTY FIVE THOUSAND LEBANESE POUNDS), a reliable currency issued by a known entity*, unlike the RBS Group. The runner up will get EGP 35 (THIRTY FIVE EGYPTIAN POUNDS). So get your VT220 client out, telnet to CHIMPY.SAMPSA.COM, and log in as TETRIS. We will be posting more or less frequent updates about the state of play. * No seriously, the Lebanese Pound is dollar-pegged and hasn't been devalued for like ever. Even during the July War it didn't drop. sampsa <sampsa at mac.com> mobile +44 7961 149465

12 years, 3 months

Telnet/SSH attacks

by system＠TMESIS.COM

Dave McGuire <mcguire at neurotica.com> writes: On 11/27/2013 12:13 PM, Brian Schenkenberger, VAXman- wrote: The Telnet protocol itself makes no promises about the presence OR absence of encryption, and it has a very flexible do/don't/will/won't option negotiation protocol. Kerberos-enabled telnet, in particular, allows for automatic authentication and/or stream encryption, with either enabled or disabled on an invocation-by-invocation basis. Kerberos-enabled telnet doesn't work unless the target is setup to and willing to provide for it. I have no knowledge of how Sampsa has his configured but from the initial discussion, I'd doubt that Kerberos is involved. As do I. I was merely nit-picking that "telnet" does not exclusively mean "cleartext". Given that it was an open and outward-facing service, I'd certainly HOPE it was Kerberized telnet! ;) Sampsa already explain that it is not. I do have telnet enabled but only for specific captive accounts. These accounts -- such as the VTTEST account -- run an application that can't be escaped from to tinker with anything on the system. For the general cases, though, I only permit 'ssh' for external access and that runs on an alternate port too. Port scanning ssh on a VMS system can consume a over-generous amount of CPU resources. I also limit, becasue of this, how many 'ssh' session can be created at any one time. For me, this is a pretty low number as I should be the only party accessing my systems. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

12 years, 3 months

Telnet/SSH attacks

by mcguire＠neurotica.com

On 11/27/2013 12:13 PM, Brian Schenkenberger, VAXman- wrote: The Telnet protocol itself makes no promises about the presence OR absence of encryption, and it has a very flexible do/don't/will/won't option negotiation protocol. Kerberos-enabled telnet, in particular, allows for automatic authentication and/or stream encryption, with either enabled or disabled on an invocation-by-invocation basis. Kerberos-enabled telnet doesn't work unless the target is setup to and willing to provide for it. I have no knowledge of how Sampsa has his configured but from the initial discussion, I'd doubt that Kerberos is involved. As do I. I was merely nit-picking that "telnet" does not exclusively mean "cleartext". Given that it was an open and outward-facing service, I'd certainly HOPE it was Kerberized telnet! ;) -Dave -- Dave McGuire, AK4HZ New Kensington, PA

12 years, 3 months

Telnet/SSH attacks

by system＠TMESIS.COM

Dave McGuire <mcguire at neurotica.com> writes: On 11/27/2013 11:26 AM, Ian McLaughlin wrote: Encrypted telent? I am intrigued... The Telnet protocol itself isn't encrypted - passwords are in cleartext. Running telnet inside an SSH tunnel is different... Why would you when you've already got a secure communications channel established? I routinely use port forwarding through an ssh tunnel and, in most of the cases, this is essentially telnet on an alternate port (eg. SMTP, POP) but there are other protocols (eg. SQL) which are not so telnet like in their implementation which can benefit from ssh tunneling. The Telnet protocol itself makes no promises about the presence OR absence of encryption, and it has a very flexible do/don't/will/won't option negotiation protocol. Kerberos-enabled telnet, in particular, allows for automatic authentication and/or stream encryption, with either enabled or disabled on an invocation-by-invocation basis. Kerberos-enabled telnet doesn't work unless the target is setup to and willing to provide for it. I have no knowledge of how Sampsa has his configured but from the initial discussion, I'd doubt that Kerberos is involved. This is far from new. I have been using it for over twenty years. It's certainly not new. ;) -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG Well I speak to machines with the voice of humanity.

12 years, 3 months

Power usage of DS10

by jibanes＠gmail.com

Roughly, what would be the power consumption of a 4000-500? On Wed, Nov 27, 2013 at 7:32 AM, Cory Smelosky <b4 at gewt.net> wrote: On Wed, 27 Nov 2013, Mark Wickens wrote: DS10L with 1 HDD is 176 watts. That's less than my ES40...quad-proc with 2 HDD and it hits 800W. ;) -- Cory Smelosky http://gewt.net Personal stuff http://gimme-sympathy.org Projects

12 years, 3 months

Telnet/SSH attacks

by mcguire＠neurotica.com

On 11/27/2013 11:26 AM, Ian McLaughlin wrote: Encrypted telent? I am intrigued... The Telnet protocol itself isn't encrypted - passwords are in cleartext. Running telnet inside an SSH tunnel is different... The Telnet protocol itself makes no promises about the presence OR absence of encryption, and it has a very flexible do/don't/will/won't option negotiation protocol. Kerberos-enabled telnet, in particular, allows for automatic authentication and/or stream encryption, with either enabled or disabled on an invocation-by-invocation basis. This is far from new. I have been using it for over twenty years. -Dave -- Dave McGuire, AK4HZ New Kensington, PA

12 years, 3 months

Jump to page:

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

HECnet