On 2016-06-22 18:08, Jordi Guillaumes i Pons wrote:
Thanks. I actually forgot to bring this up. I would be surprised if the script kiddies of
today would have the first clue on how to automate any penetration attack actually from
VMS... So it would be interesting to actually find out a bit more on what actually
happened on the originating side?
At this precise moment, that IP address does not answer PING. Some hours ago, it had an
active FTP server which identified itself as SunOS. I didn't catch the version. So there
is potentially exploitable stuff there.
Well, I assume at the time it was the machine where QCOCAL was, but I
still would not expect that the attack actually happened from VMS. But I
would like to find out for sure.
> Anyway, it would be good to send a heads up to the operator. I can't see any QCOCAL node
> in HECNET, so I don't know who he is.
I copied the HECNET.idx file you have in the FAL default directory in MIM:: Isn't that
the good one?
DTR> ready hecnet
DTR> find hecnet with node_name = "QCOCAL"
[0 records found]
Either you have an old copy, or something else on your side is broken.
On MIM::
DTR> show dictionary
The current dictionary is DU1:[DECNET]DECNET.DIC;1
DTR> show hecnet
DOMAIN HECNET
USING NODE_REC
ON US:[DECNET]HECNET.IDX;
DTR> find hecnet with node_name="QCOCAL"
[1 Record found]
DTR> print
No record selected, printing whole collection
NODE NODE
NAME AREA NUMBER OWN OWNER ARCHITECTURE CPU
QCOCAL 1 550 susa Supratim Sanyal
?
Unknown 6-Jun-2016
Johnny
--
Johnny Billquist || "I'm on a bus
|| on a psychedelic trip
email: bqt at softjar.se || Reading murder books
pdp is alive! || tryin' to stay hip" - B. Idol