Sampsa Laine <sampsa at mac.com> writes:
>You're probably under a Chinese/Russian robot attack, trying to brute-force their way in.
>
>I've had this on occasion and am tempted to just drop all packets originating from China..
I've gone even further here. I block all nets that originate APNIC.
>Not sure what the best way to do this is, I have a pretty simple consumer level router (Draytek) so I guess I could use iptables or something on Linux - however I'm not sure if that'll just affect the host I run the iptables command on or the whole interface.
>
>Basically, I have one physical interface for 8 virtual machines and a bunch of SIMH instances etc. If I could drop the packets at the interface of the host machine it'd be ideal.
>
>Any iptables experts out there?
I use IPTABLES on one of the Lunix servers I run to add IP addresses which I
have determined to be those of botnet control systems (generally, systems the
Chinese et al are using).
/sbin/iptables -A INPUT -s $IP -p all -j DROP
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.
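
[Added example, not part of the original messages.] On the host-versus-interface question above: a rule in INPUT only covers traffic addressed to the Linux host itself, while traffic for guests behind it traverses FORWARD (for bridged guests only when bridge-nf-call-iptables is enabled). The sketch below emits ipset/iptables commands covering both chains from a validated source list; the set name and the sample addresses are assumptions, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands for review;
# pipe the output to "sh" as root to apply them.

SET_NAME=blocklist   # hypothetical set name

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_source() {
    addr=${1%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read one source per line on stdin ("#" comments allowed); print the commands.
emit_rules() {
    echo "ipset create $SET_NAME hash:net -exist"
    while read -r src rest; do
        case $src in ''|'#'*) continue ;; esac
        if valid_source "$src"; then
            echo "ipset add $SET_NAME $src -exist"
        else
            echo "skipping invalid entry: $src" >&2
        fi
    done
    # INPUT: traffic addressed to the host. FORWARD: traffic for the guests.
    # -I inserts ahead of existing ACCEPT rules; -A would append after them.
    for chain in INPUT FORWARD; do
        rule="$chain -m set --match-set $SET_NAME src -j DROP"
        echo "iptables -C $rule 2>/dev/null || iptables -I $rule"
    done
}

# Constructed sample list (RFC 5737 documentation ranges, not real offenders).
sample_list() {
    printf '%s\n' '# constructed entries' 192.0.2.0/24 198.51.100.7 203.0.113.999
}

sample_list | emit_rules
```
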
Johnny Billquist <bqt at softjar.se> writes:
>On 2015-09-16 13:34, Brian Schenkenberger, VAXman- wrote:
>> Sampsa Laine <sampsa at mac.com> writes:
>>
>>> On 16 Sep 2015, at 11:46, Brian Schenkenberger, VAXman- <system at TMESIS.COM> wrote:
>>>
>>>> Sampsa Laine <sampsa at mac.com> writes:
>>>>
>>>>> I'm running a batch job that is creating a large (82 GB) file and monitoring the system with MONITOR DISK.
>>>>>
>>>>> The value I'm getting is 39 - what does this actually mean, what is the unit that is being monitored?
>>>>
>>>>
>>>> I'm assuming you did not specify /ITEM. From the MONITOR HELP:
>>>>
>>>> When the /ITEM qualifier is omitted, the default is /ITEM=OPERATION_RATE.
>>>> :
>>>> :
>>>> OPERATION_    Specifies that I/O operation rate statistics are
>>>> RATE          displayed for each disk.
>>>>
>>>> What's your concern, if any?
>>>
>>> Yes, I did this but the operation rate does not give me an indication of how many block/second are being read/written, or does it?
>>
>> It's a performance metric that is maintained in/by VMS about the number of I/O
>> operations to the disks. Maintaining block counts would be more/only
>> meaningful on a per-disk basis. That's generally not something that's a
>> performance metric.
>>
>> This is a very simple procedure to get you a block/second count. Put this in
>> a file (BLOCKS_PER_SECOND.COM, for example) and execute it with the disk name
>> in question. (ie. $ @BLOCKS_PER_SECOND DKA100)
>>
>> $ 100$: BLOCKS_THEN = F$getdvi(P1,"FREEBLOCKS")
>> $ WAIT ::01
>> $ WRITE SYS$OUTPUT BLOCKS_THEN-F$getdvi(P1,"FREEBLOCKS") ! THEN - NOW
>> $ GOTO 100$
>
>Wouldn't that just show a delta of how many blocks have been allocated?
>That does not really correspond to I/O throughput.
>
>That said, what does the monitor operation_rate tell? Is it QIOs, disk
>blocks, disk requests, or something else?
Think $QIOs. There's also the queue length /ITEM. That would show the $QIOs
that are queued but have not yet been processed.
>If it would actually be disk blocks, then Sampsa can indeed deduce I/O
>rates from it, since we know the size of a disk block.
>However, QIOs can cover many disk blocks, and so can I/O requests.
Correct. It's overall disk statistics; not individual disk statistics.
>While I'm at it - a slightly different question. On a VMS system (VMS
>7.3 on a VAX), I now have like hundreds of telnet connections that are
>in a SUSP state. This has gone so far that I cannot establish any more
>connections to the system. I have no idea what people/probes/robots have
>been doing, but it seems TCP/IP or telnet daemon in VMS 7.3 has some
>issues.
Hmm. What version of TCPIP?
$ TCPIP SHOW VERSION
>But my first question is, how do I get rid of all these processes? Do I
>have to kill each one, giving the PID, or is there some better way of
>getting this unstuck?
Generally, process SUSPension is voluntary. Something had to tell the process
to SUSPend itself. If there was a process "idling", waiting for I/O activity,
it would generally wait in LEF (Local Event Flag) wait state.
Can you send me a "$ SHOW SYSTEM" output of this too? From there, we can look
to see why it's SUSpended (some SDA work will ensue). It very well may be an
issue that has already been addressed with TCP/IP (eg. some TCP/IP bug that's
placing processes into SUSPended state when the connection terminates). Are
these TELNET connections initiated via somebody TELNETting into the system? Or,
are these reverse telnet established sessions?
I need to dash out. My wife is having surgery in a week and I must take her
to hospital today for pre-surgery tests.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.
Sampsa Laine <sampsa at mac.com> writes:
>Thanks, that's very useful.
It's very primitive. Feel free to modify it to your liking. However, keep in
mind that DCL is interpreted, so if you spend too much effort in making things
look pretty, you may wind up skewing things far from the 1 second periodicity.
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.
Sampsa Laine <sampsa at mac.com> writes:
>I'm running a batch job that is creating a large (82 GB) file and monitoring the system with MONITOR DISK.
>
>The value I'm getting is 39 - what does this actually mean, what is the unit that is being monitored?
I'm assuming you did not specify /ITEM. From the MONITOR HELP:
When the /ITEM qualifier is omitted, the default is /ITEM=OPERATION_RATE.
:
:
OPERATION_    Specifies that I/O operation rate statistics are
RATE          displayed for each disk.
What's your concern, if any?
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.
I'm trying to submit the following batch file (RHELIST.COM):
--- SNIP ---
$! List contents of RHESUS backup
$backup/list RHESYS-2013-12-18.BCK/save
--- SNIP ---
When I run it using @RHELIST, everything is fine but when I try this:
submit/log=rhelist.txt rhelist.com
I get the following error:
Job RHELIST (queue SYS$BATCH, entry 159) started on SYS$BATCH
CHIMPY$
Job RHELIST (queue SYS$BATCH, entry 159) terminated with error status
Any ideas?
Hi
It seems a casualty of my big sortout/move of house is I've lost my
Tru64 5.1B-2 install CD. I had a full HP media kit but the OS CD is
missing, I either lent it to someone or lost it.
Does anyone have one up their sleeve I could grab an ISO from? I have a
PAK kit for it, but no install CD!
Thanks,
--
Mark @ DECtec.info
twitter.com/DECtecInfo
Sampsa Laine <sampsa at mac.com> writes:
>The original idea is that it's basically the same format as a VMS help file but we'll use some markup to make it more generic, then export VMS HELP files, Wiki markup etc.
>
>YAML will work fine for this.
>
>If we keep over-engineering this thing I doubt anything will ever be built..
>
>I vote we use YAML and agree on the tags we use to structure the text.
There's a YAML to VMS .HLP converter?
--
VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)ORG
I speak to machines with the voice of humanity.