INFO-VAX Sun, 25 Nov 2007 Volume 2007 : Issue 646 Contents: Re: "Mysterious" system crashes Re: "Mysterious" system crashes Re: "Mysterious" system crashes Re: "Mysterious" system crashes Re: NASA gets SGI 2048-core Itanium 2 supercomputer Re: POP attacks and NOSLOT errors Re: POP attacks and NOSLOT errors Re: POP attacks and NOSLOT errors Re: POP attacks and NOSLOT errors Re: POP attacks and NOSLOT errors Re: POP attacks and NOSLOT errors ---------------------------------------------------------------------- Date: Sun, 25 Nov 2007 08:09:33 GMT From: Tad Winters Subject: Re: "Mysterious" system crashes Message-ID: bradhamilton wrote in news:473EE8B0.5010008 @comcast.net: > Volker Halle wrote: >> Brad, >> >> if there are no crash-related messages, there was no crash. Assuming >> CONSOLE = SERIAL. >> >> So after the old OPCOM messages, you just see the Alpha SRM init >> messages and then an OpenVMS boot - right ? This proves, that there >> was either an external power failure or some hardware problem (power- >> supply ?), which causes the console to re-init and - due to >> AUTO_ACTION = RESTART - to boot OpenVMS. > > Yes - my fault for using misleading language - I used "crash" to refer > to a HW or SW reboot. This is most certainly a HW/Environment-related > issue. I still have to clean out the dust bunnies, and re-seat the > boards, however. Perhaps tonight. The external case (including the fan > outlet and grilles) looks (surprisingly) dust free, considering where it > "lives". >> Volker. >> > Brad, I never saw the resolution. Did you try issuing a SHOW POWER command at the console prompt? (Maybe your system doesn't support that command.) Also, I've experienced circuit breaker problems in the past where the circuit breaker wouldn't trip, but there would be momentary loss of power. Since the only change that occurred to rectify the situation was replacement of the circuit breaker, that had to be my problem. I've not seen recurance since replacing the breaker about 8 years ago. Tad ------------------------------ Date: Sun, 25 Nov 2007 13:30:23 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: "Mysterious" system crashes Message-ID: In article , Tad Winters writes: >{...snip...} >Also, I've experienced circuit breaker problems in the past where the >circuit breaker wouldn't trip, but there would be momentary loss of power. >Since the only change that occurred to rectify the situation was >replacement of the circuit breaker, that had to be my problem. I've not >seen recurance since replacing the breaker about 8 years ago. I have one of those. I keep hoping it will start the house ablaze so that I can collect my insurance pay out and get the hell out of this gawd forsaken rat hole known as NJ. Anywhere to the west (even just across the river would be better) and south would be fine. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Sun, 25 Nov 2007 08:40:10 -0500 From: bradhamilton Subject: Re: "Mysterious" system crashes Message-ID: <47497B3A.8070609@comcast.net> Tad Winters wrote: > bradhamilton wrote in news:473EE8B0.5010008 > @comcast.net: > >> Volker Halle wrote: >>> Brad, >>> >>> if there are no crash-related messages, there was no crash. Assuming >>> CONSOLE = SERIAL. >>> >>> So after the old OPCOM messages, you just see the Alpha SRM init >>> messages and then an OpenVMS boot - right ? This proves, that there >>> was either an external power failure or some hardware problem (power- >>> supply ?), which causes the console to re-init and - due to >>> AUTO_ACTION = RESTART - to boot OpenVMS. >> Yes - my fault for using misleading language - I used "crash" to refer >> to a HW or SW reboot. This is most certainly a HW/Environment-related >> issue. I still have to clean out the dust bunnies, and re-seat the >> boards, however. Perhaps tonight. The external case (including the fan >> outlet and grilles) looks (surprisingly) dust free, considering where it >> "lives". >>> Volker. >>> > > Brad, > I never saw the resolution. > Did you try issuing a SHOW POWER command at the console prompt? (Maybe > your system doesn't support that command.) Hi Tad, No "resolution" as such, but since I started paying attention, the (suspected) power problems have not re-occurred (the system knows I am watching it). :-) I did, however, have one small power outage of a few seconds' length; naturally, the system went down and stayed down until I pressed the button. The disk shelves spun up by themselves when power was restored. I don't know if SHOW POWER will work on a PWS433au, but I'll keep it in mind for my next scheduled reboot. > Also, I've experienced circuit breaker problems in the past where the > circuit breaker wouldn't trip, but there would be momentary loss of power. > Since the only change that occurred to rectify the situation was > replacement of the circuit breaker, that had to be my problem. I've not > seen recurance since replacing the breaker about 8 years ago. Before we purchased and moved into our current home, I had the local electric company replace the power feed into the house, and I had an electrician replace the old circuit breaker with a model that wouldn't catch fire (both on the recommendation of the inspector we hired before purchase). :-) Someday I'll have an electrician re-wire the house (when we have the money). I'm not sure that the circuit breaker is contributing to the problem. ------------------------------ Date: Sun, 25 Nov 2007 14:25:17 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: "Mysterious" system crashes Message-ID: In article <47497B3A.8070609@comcast.net>, bradhamilton writes: > > >Tad Winters wrote: >> bradhamilton wrote in news:473EE8B0.5010008 >> @comcast.net: >> >>> Volker Halle wrote: >>>> Brad, >>>> >>>> if there are no crash-related messages, there was no crash. Assuming >>>> CONSOLE = SERIAL. >>>> >>>> So after the old OPCOM messages, you just see the Alpha SRM init >>>> messages and then an OpenVMS boot - right ? This proves, that there >>>> was either an external power failure or some hardware problem (power- >>>> supply ?), which causes the console to re-init and - due to >>>> AUTO_ACTION = RESTART - to boot OpenVMS. >>> Yes - my fault for using misleading language - I used "crash" to refer >>> to a HW or SW reboot. This is most certainly a HW/Environment-related >>> issue. I still have to clean out the dust bunnies, and re-seat the >>> boards, however. Perhaps tonight. The external case (including the fan >>> outlet and grilles) looks (surprisingly) dust free, considering where it >>> "lives". >>>> Volker. >>>> >> >> Brad, >> I never saw the resolution. >> Did you try issuing a SHOW POWER command at the console prompt? (Maybe >> your system doesn't support that command.) > >Hi Tad, > >No "resolution" as such, but since I started paying attention, the >(suspected) power problems have not re-occurred (the system knows I am >watching it). :-) I did, however, have one small power outage of a few >seconds' length; naturally, the system went down and stayed down until I >pressed the button. The disk shelves spun up by themselves when power >was restored. > >I don't know if SHOW POWER will work on a PWS433au, but I'll keep it in >mind for my next scheduled reboot. > >> Also, I've experienced circuit breaker problems in the past where the >> circuit breaker wouldn't trip, but there would be momentary loss of power. >> Since the only change that occurred to rectify the situation was >> replacement of the circuit breaker, that had to be my problem. I've not >> seen recurance since replacing the breaker about 8 years ago. > >Before we purchased and moved into our current home, I had the local >electric company replace the power feed into the house, and I had an >electrician replace the old circuit breaker with a model that wouldn't >catch fire (both on the recommendation of the inspector we hired Federal Pacific Electric eh? http://www.inspect-ny.com/fpe/fpe.html -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Sun, 25 Nov 2007 10:00:02 -0800 (PST) From: Neil Rieck Subject: Re: NASA gets SGI 2048-core Itanium 2 supercomputer Message-ID: <87cb5658-91fa-4fdc-b90b-c534f35e4ace@i12g2000prf.googlegroups.com> On Nov 21, 8:36 pm, Cydrome Leader wrote: > Neil Rieck wrote: > > NASA gets SGI 2048-core Itanium 2 supercomputer > [...snip...] > > This just more proof nasa need to have all its funding cut off. > > They haven't done anything interesting or worth mentioning in decades, > aside from crash nearly 30 year old shuttles or play RC car on mars. > > What possible use for a computer (of any sort) does NASA even have at this > point? Sort of like what the white house spokesperson said bout jimmy > carter, they're becoming increasingly less relevant. > > Third world countries have more ambitious and interesting space programs > at this point. It's sad, but true. > I can't argue with anything you just said (typed). Previously NASA was primarily an organization of technicians, engineers, and scientists. Today it's an organization of bureaucrats and politicians. Question: "If we can land on the moon then why can't we land on the moon?" Neil Rieck Kitchener/Waterloo/Cambridge, Ontario, Canada. http://www3.sympatico.ca/n.rieck/ ------------------------------ Date: Sun, 25 Nov 2007 12:21:03 GMT From: =?windows-1252?Q?Jan-Erik_S=F6derholm?= Subject: Re: POP attacks and NOSLOT errors Message-ID: Peter Weaver wrote: > TCPIP> show ver > > HP TCP/IP Services for OpenVMS Alpha Version V5.6 > on an AlphaServer 800 5/500 running OpenVMS V8.3 > > Three times in the past few years I have been attacked by someone trying > to find a valid username/password on my system using POP, two of those > times have been when I was out of town installing CHARON-VAX for a > customer. I can not find any clues at all about who was doing the > attack, TCP/IP does not log the attacking address at all, all I can see is; > > %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.02 %%%%%%%%%%% (from node > AXP800 a > Message from user TCPIP$POP on AXP800 > POP server authentication error: User account "abigail" is invalid. Hi. I had a similar phenomen on my system : $ tcpip sh ver HP TCP/IP Services for OpenVMS Alpha Version V5.5 - ECO 2 on an AlphaStation XP900 466 MHz running OpenVMS V8.2 $ > 1. Know of any way I can find out which IP address was attacking me? operator.log doesn say much at all, but ana/audit gives entries like : Security alarm (SECURITY) and security audit (SECURITY) on xxxxx, system id: 10 Auditable event: Network breakin detection Event time: 25-NOV-2007 11:42:16.64 PID: 000000CA Process name: TCPIP$FTPC00002 Username: admin Password: Remote nodename: 70-97-122-179.st Remote node id: 1180793523 Remote username: FTP_46617AB3 Posix UID: -2 Posix GID: -2 (%XFFFFFFFE) Status: %LOGIN-F-NOSUCHUSER, no such user So try that. Jan-Erik. ------------------------------ Date: Sun, 25 Nov 2007 08:11:49 -0500 From: "Richard B. Gilbert" Subject: Re: POP attacks and NOSLOT errors Message-ID: <47497495.4020206@comcast.net> Peter Weaver wrote: > TCPIP> show ver > > HP TCP/IP Services for OpenVMS Alpha Version V5.6 > on an AlphaServer 800 5/500 running OpenVMS V8.3 > > Three times in the past few years I have been attacked by someone trying > to find a valid username/password on my system using POP, two of those > times have been when I was out of town installing CHARON-VAX for a > customer. I can not find any clues at all about who was doing the > attack, TCP/IP does not log the attacking address at all, all I can see is; > > %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.02 %%%%%%%%%%% (from node > AXP800 a > Message from user TCPIP$POP on AXP800 > POP server authentication error: User account "abigail" is invalid. > > %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.13 %%%%%%%%%%% (from node > AXP800 a > Message from user TCPIP$POP on AXP800 > POP server authentication error: User account "adam" is invalid. > > %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.24 %%%%%%%%%%% (from node > AXP800 a > Message from user TCPIP$POP on AXP800 > POP server authentication error: User account "alan" is invalid. > > After 13,996 of these messages I started getting NOSLOT errors, at that > point the system becomes unstable; some email messages get through, some > do not, some web requests are served, some are not... When I am not home > the only option is to have my wife hit the power button to reboot the > system. > > Does anyone; > 1. Know of any way I can find out which IP address was attacking me? > 2. Know of a way (excluding "Turn off POP") to stop these POP attacks > from breaking my system? > > Peter Weaver > www.weaverconsulting.ca > CHARON-VAX CHARON-AXP DataStream Reflection PreciseMail HP Commercial > Hardware > Do you have some reason for not running a firewall of some sort? My feebleminded Linksys BEFR81 automagically blocks all incoming traffic that is not a response to outgoing traffic. The router logs make interesting reading. There is a continuous stream of probes of ports 1026 and 1027 coming from all over the world. My systems never see them! I could open a port if I wished to do so but in the five years or so that I have had broadband cable, I have felt no need to do so. If you wish to allow random incomming traffic, you may need something a little fancier. ------------------------------ Date: Sun, 25 Nov 2007 13:16:22 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: POP attacks and NOSLOT errors Message-ID: In article <23e001c82f09$5cb5d250$2802a8c0@CHARONLAP>, "Peter Weaver" writes: > > >TCPIP> show ver > > HP TCP/IP Services for OpenVMS Alpha Version V5.6 > on an AlphaServer 800 5/500 running OpenVMS V8.3 > >Three times in the past few years I have been attacked by someone trying to >find a valid username/password on my system using POP, two of those times >have been when I was out of town installing CHARON-VAX for a customer. I can >not find any clues at all about who was doing the attack, TCP/IP does not >log the attacking address at all, all I can see is; > >%%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.02 %%%%%%%%%%% (from node >AXP800 a >Message from user TCPIP$POP on AXP800 >POP server authentication error: User account "abigail" is invalid. > >%%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.13 %%%%%%%%%%% (from node >AXP800 a >Message from user TCPIP$POP on AXP800 >POP server authentication error: User account "adam" is invalid. > >%%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.24 %%%%%%%%%%% (from node >AXP800 a >Message from user TCPIP$POP on AXP800 >POP server authentication error: User account "alan" is invalid. > >After 13,996 of these messages I started getting NOSLOT errors, at that >point the system becomes unstable; some email messages get through, some do >not, some web requests are served, some are not... When I am not home the >only option is to have my wife hit the power button to reboot the system. > >Does anyone; > 1. Know of any way I can find out which IP address was attacking me? > 2. Know of a way (excluding "Turn off POP") to stop these POP attacks >from breaking my system? TCPIP Services? Look at using the SET SERVICE POP /ACCEPT and or /REJECT qualifiers. I limit POP access only to inside networks and LOCALHOST (more later). If, during an attack, you could issue: $ PIPE TCPIP SHOW DEVICE | SEARCH SYS$PIPE 110 You might see the IP of the attacker. (110 is the POP port number) When on the road, I use ssh. I tunnel port 110 with -L 110:localhost:110. (as well as -L 25:localhost:25) Then, I have an on-the-road configuration which has localhost 25/110 define for the servers. I can gain access to mail securely and the outside is still cut off from exploiting my POP and SMTP servers. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Sun, 25 Nov 2007 13:20:58 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: POP attacks and NOSLOT errors Message-ID: <_Ee2j.969$Oe4.239@newsfe10.lga> In article , JF Mezei writes: > > >Peter Weaver wrote: >> Does anyone; >> 1. Know of any way I can find out which IP address was attacking me? > >No. I reported this some time ago. There is also no breakin evasion >triggered. > > >> 2. Know of a way (excluding "Turn off POP") to stop these POP attacks >> from breaking my system? > >No. But you can reduce the impact by setting a service limit >( SET SERVICE POP /LIMIT=2 for instance). So if the hacker make multiple >simultaneous connection attempts, only the first 2 get through and this >limits the damage to your system and also slows down their dictionary >attacks. I've limited ssh in this fashion (but I have a larger value than 2). It does seem to thwart the port scanners and script kiddies. Things such as POP and the like are NOT secure. I would limit access to these to inside networks and trusted hosts/IPs only. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Sun, 25 Nov 2007 14:17:15 GMT From: VAXman- @SendSpamHere.ORG Subject: Re: POP attacks and NOSLOT errors Message-ID: In article <47497495.4020206@comcast.net>, "Richard B. Gilbert" writes: > > >Peter Weaver wrote: >> TCPIP> show ver >> >> HP TCP/IP Services for OpenVMS Alpha Version V5.6 >> on an AlphaServer 800 5/500 running OpenVMS V8.3 >> >> Three times in the past few years I have been attacked by someone trying >> to find a valid username/password on my system using POP, two of those >> times have been when I was out of town installing CHARON-VAX for a >> customer. I can not find any clues at all about who was doing the >> attack, TCP/IP does not log the attacking address at all, all I can see is; >> >> %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.02 %%%%%%%%%%% (from node >> AXP800 a >> Message from user TCPIP$POP on AXP800 >> POP server authentication error: User account "abigail" is invalid. >> >> %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.13 %%%%%%%%%%% (from node >> AXP800 a >> Message from user TCPIP$POP on AXP800 >> POP server authentication error: User account "adam" is invalid. >> >> %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.24 %%%%%%%%%%% (from node >> AXP800 a >> Message from user TCPIP$POP on AXP800 >> POP server authentication error: User account "alan" is invalid. >> >> After 13,996 of these messages I started getting NOSLOT errors, at that >> point the system becomes unstable; some email messages get through, some >> do not, some web requests are served, some are not... When I am not home >> the only option is to have my wife hit the power button to reboot the >> system. >> >> Does anyone; >> 1. Know of any way I can find out which IP address was attacking me? >> 2. Know of a way (excluding "Turn off POP") to stop these POP attacks >> from breaking my system? >> >> Peter Weaver >> www.weaverconsulting.ca >> CHARON-VAX CHARON-AXP DataStream Reflection PreciseMail HP Commercial >> Hardware >> > >Do you have some reason for not running a firewall of some sort? My >feebleminded Linksys BEFR81 automagically blocks all incoming traffic >that is not a response to outgoing traffic. The router logs make >interesting reading. There is a continuous stream of probes of ports >1026 and 1027 coming from all over the world. My systems never see >them! I could open a port if I wished to do so but in the five years or >so that I have had broadband cable, I have felt no need to do so. Save that the POP server wouldn't initiate a contact to a remote client. >If you wish to allow random incomming traffic, you may need something a >little fancier. Like a real router or a firewall? I've not had any issues that I could not deal with with my router or one of VMS's or TCPIP Service's mechan- isms. However, one of these days I *will* get to configuring my Juniper firewall. -- VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM "Well my son, life is like a beanstalk, isn't it?" http://tmesis.com/drat.html ------------------------------ Date: Sun, 25 Nov 2007 09:25:24 -0700 From: "Michael D. Ober" Subject: Re: POP attacks and NOSLOT errors Message-ID: <13kj8fn5p19pdb2@corp.supernews.com> "Jan-Erik Söderholm" wrote in message news:PMd2j.795$R_4.387@newsb.telia.net... > Peter Weaver wrote: > >> TCPIP> show ver >> >> HP TCP/IP Services for OpenVMS Alpha Version V5.6 >> on an AlphaServer 800 5/500 running OpenVMS V8.3 >> >> Three times in the past few years I have been attacked by someone trying >> to find a valid username/password on my system using POP, two of those >> times have been when I was out of town installing CHARON-VAX for a >> customer. I can not find any clues at all about who was doing the attack, >> TCP/IP does not log the attacking address at all, all I can see is; >> >> %%%%%%%%%%% OPCOM 23-NOV-2007 04:13:14.02 %%%%%%%%%%% (from node >> AXP800 a >> Message from user TCPIP$POP on AXP800 >> POP server authentication error: User account "abigail" is invalid. > > Hi. > I had a similar phenomen on my system : > > $ tcpip sh ver > > HP TCP/IP Services for OpenVMS Alpha Version V5.5 - ECO 2 > on an AlphaStation XP900 466 MHz running OpenVMS V8.2 > > $ > > > 1. Know of any way I can find out which IP address was attacking me? > > operator.log doesn say much at all, but ana/audit gives > entries like : > > Security alarm (SECURITY) and security audit (SECURITY) on xxxxx, system > id: 10 > Auditable event: Network breakin detection > Event time: 25-NOV-2007 11:42:16.64 > PID: 000000CA > Process name: TCPIP$FTPC00002 > Username: admin > Password: > Remote nodename: 70-97-122-179.st > Remote node id: 1180793523 > Remote username: FTP_46617AB3 > Posix UID: -2 > Posix GID: -2 (%XFFFFFFFE) > Status: %LOGIN-F-NOSUCHUSER, no such user > > > So try that. > > Jan-Erik. > The Romote node id is a decimal IP address. Here's the conversion from http://www.kloth.net/services/iplocate.php. The conversion result: IP dotted quad IP decimal IP hex IP Binary 70.97.122.179 1180793523 46617AB3 01000110 01100001 01111010 10110011 Reverse DNS lookup on host 70.97.122.179: 179.122.97.70.in-addr.arpa domain name pointer 70-97-122-179.stephouse.com. Hope this helps. Mike. ------------------------------ End of INFO-VAX 2007.646 ************************