SYSMGR

We're a bunch of computers: Diana, Daphne and Dido, called the 3D cluster, running OpenVMS; Io, also running OpenVMS (in some obscure role in the network); Aphrodite, Athene and Irene running Windows XP Pro (SP2, of course); and Cerberus at the edge of the network, with Charon, also running Linux, as standby. SYSMGR takes care of us.

Wednesday, November 9

09-Nov-2005

ALL RISE
Time for the OpenVMS community to rise and tell the world this is a waste of time and effort:
Microsoft is planning to build "a secure Operating System", named "Singularity".
Router issues
Kim phoned: "I cannot access the internet". For some reason, Cerberus failed again between 10:00 and 11:00; neither incoming nor outgoing traffic worked. She was instructed to power-cycle the router, and after that it worked again.
I will reset it each morning, just in case, and look into it more deeply at the weekend. It may need an update.
The log of Cerberus is another issue. It shows incoming and outgoing requests, but not clearly what is denied and what is accepted. Keeping the logs for examination is another problem: moving logs off the router requires specific software, running on a PC. If that cannot be moved off that hardware (ported to VMS), the question is why use this router at all. If a PC is required to pick up the logs, there is no win; I could re-install Charon to do the routing (and firewalling) instead, since the power required would be the same, and I'd have more facilities (at least I'm used to it, and I'm not bound to a web interface).
Of course I could switch off logging completely, but that is not what I want.
Later, it was found that resolving addresses outside the network is significantly slower when it is done by Cerberus, or on the first access. I removed Charon as resolver in Diana's DNS and DHCP configurations, but when looking at Aphrodite's IP configuration, both Cerberus and Charon are mentioned as gateways. There must be something left in DHCP; DNS is OK.
3D buildup
Daphne has received the second Ethernet card, Dido is placed next to her, and I have to do some configuration on both of them, and on Io, to take that one out of the cluster and make her stand-alone.
Next to be done is Diana (removal of the KFPSA (DSSI) and addition of an Ethernet card and a KZPSB (D-SCSI)), new power and Ethernet cables (as system bus), and connecting all to the HSZ50. And, of course, configure the disks....
PC updates
Updated Athene and Aphrodite; Hera needs to be done.
One more script kiddie?
Operator.log showed once again somebody trying to get in:

%%%%%%%%%%% OPCOM 9-NOV-2005 06:56:36.03 %%%%%%%%%%%
Message from user TCPIP$FTP on DIANA
User Name: anonymous
Source: I9cfc.i.pppool.de
Status: NOPRIV -- File access violation
Object: WEB_DISK:[public.anonymous.051109065637p]

TCPIP$FTP_ANONYMOUS shows some data; it simply tries to access a number of directories:

9-NOV-2005 06:56:33.43 User:anonymous logged in ident:Vgpuser@home.com from Host:I9cfc.i.pppool.de
9-NOV-2005 06:56:35.83 User:anonymous ident:Vgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]
9-NOV-2005 06:56:38.23 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:tagged
9-NOV-2005 06:56:38.34 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:Tagged
9-NOV-2005 06:56:38.47 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:TaGGeD
9-NOV-2005 06:56:38.61 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:data
9-NOV-2005 06:56:38.72 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:Data
9-NOV-2005 06:56:38.86 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:^%
9-NOV-2005 06:56:38.97 User:anonymous ident:Vgpuser@home.com logged out

I have seen "SYS$POSIX_ROOT" in other (failed) accesses before, but I don't know where it comes from. It might be something that comes with GNV, but I cannot find it on Diana (GNV is installed), nor in sessions that are valid; there might be software that uses this automatically as a prefix if the target OS is found to be VMS....
What the message means:

$ write sys$output f$message (07649912)
%UETP-W-NOMSG, Message number 0074BA78

$ write sys$output f$message (%x07649912)
%NONAME-E-NOMSG, Message number 07649912

$ write sys$output f$message (%X12)
%SYSTEM-E-BADPARAM, bad parameter value

$ write sys$output f$message (%X912)
%SYSTEM-E-NOSUCHFILE, no such file

The last one seems the right one; no matter what, it wasn't right.
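
As an added example (not code from this page, nor from the TCP/IP Services kit), here is a small Python script that parses TCPIP$FTP_ANONYMOUS lines in the format shown above, decodes the status word on each CWD, and flags a session that walks through a series of non-existent directories. It assumes the standard OpenVMS condition-value layout (bits 0-2 severity, 3-15 message number, 16-27 facility). Applied to the values tried with f$message above, that layout gives facility 0x764, message 0x1322, severity E for %X07649912 (f$message answered %NONAME because it found no message file for that facility), facility 116 with warning severity for the decimal value 07649912 (hence %UETP-W), and facility 0, the SYSTEM facility, for %X912 and %X12. The first session in the sample is the one from the log above; the second session, its hostname and ident, are constructed for contrast. The case variants tagged/Tagged/TaGGeD and data/Data, all failing within one second, are what the script treats as probing.

```python
"""Parse TCPIP$FTP anonymous-log lines, decode each OpenVMS status word, flag directory probing.

Added example, not code from the SYSMGR page. The first session in SAMPLE_LOG is
copied from the page; the second session is constructed (hostname and ident are
placeholders).
"""
import re
from collections import defaultdict
from datetime import datetime

# OpenVMS condition value layout: bits 0-2 severity, 3-15 message number,
# 16-27 facility number; the top nibble holds control bits and is ignored here.
SEVERITY_LETTER = {0: "W", 1: "S", 2: "E", 3: "I", 4: "F"}


def decode_condition(value):
    """Return (facility, message_number, severity_letter) for a 32-bit condition value."""
    severity = value & 0x7
    message_number = (value >> 3) & 0x1FFF
    facility = (value >> 16) & 0xFFF
    return facility, message_number, SEVERITY_LETTER.get(severity, "?")


TS = r"(?P<ts>\d{1,2}-[A-Z]{3}-\d{4} \d\d:\d\d:\d\d\.\d+)"
LOGIN_RE = re.compile(TS + r" User:(?P<user>\S+) logged in ident:(?P<ident>\S+) from Host:(?P<host>\S+)$")
CWD_RE = re.compile(TS + r" User:(?P<user>\S+) ident:(?P<ident>\S+) status:(?P<status>[0-9A-Fa-f]{8}) CWD dir:(?P<dir>.+)$")
LOGOUT_RE = re.compile(TS + r" User:(?P<user>\S+) ident:(?P<ident>\S+) logged out$")


def parse_ts(text):
    return datetime.strptime(text, "%d-%b-%Y %H:%M:%S.%f")


def split_sessions(lines):
    """Group log lines into sessions keyed by (user, ident), from 'logged in' to 'logged out'."""
    sessions, open_sessions = [], {}
    for line in lines:
        line = line.strip()
        if m := LOGIN_RE.match(line):
            s = {"user": m["user"], "ident": m["ident"], "host": m["host"],
                 "start": parse_ts(m["ts"]), "end": parse_ts(m["ts"]), "cwd": []}
            open_sessions[(m["user"], m["ident"])] = s
            sessions.append(s)
        elif m := CWD_RE.match(line):
            s = open_sessions.get((m["user"], m["ident"]))
            if s is None:
                continue  # CWD for a session whose login line we did not see
            s["cwd"].append((m["dir"], decode_condition(int(m["status"], 16))))
            s["end"] = parse_ts(m["ts"])
        elif m := LOGOUT_RE.match(line):
            s = open_sessions.pop((m["user"], m["ident"]), None)
            if s is not None:
                s["end"] = parse_ts(m["ts"])
    return sessions


def assess(session, min_failures=3):
    """Summarise one session; flag it when several CWDs fail, in particular case variants of one name."""
    failed = [d for d, (_, _, sev) in session["cwd"] if sev != "S"]
    variants = defaultdict(set)  # case-folded name -> spellings actually tried
    for d in failed:
        variants[d.lower()].add(d)
    case_probe_groups = sum(1 for names in variants.values() if len(names) > 1)
    span = (session["end"] - session["start"]).total_seconds()
    return {
        "host": session["host"],
        "failed_cwd": len(failed),
        "case_probe_groups": case_probe_groups,
        "seconds": span,
        "suspicious": len(failed) >= min_failures and (case_probe_groups > 0 or span < 10),
    }


def analyse_log(lines):
    return [assess(s) for s in split_sessions(lines)]


SAMPLE_LOG = [
    # Session 1: the lines from the page.
    "9-NOV-2005 06:56:33.43 User:anonymous logged in ident:Vgpuser@home.com from Host:I9cfc.i.pppool.de",
    "9-NOV-2005 06:56:35.83 User:anonymous ident:Vgpuser@home.com status:00010001 CWD dir:WEB_DISK:[public.anonymous]",
    "9-NOV-2005 06:56:38.23 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:tagged",
    "9-NOV-2005 06:56:38.34 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:Tagged",
    "9-NOV-2005 06:56:38.47 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:TaGGeD",
    "9-NOV-2005 06:56:38.61 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:data",
    "9-NOV-2005 06:56:38.72 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:Data",
    "9-NOV-2005 06:56:38.86 User:anonymous ident:Vgpuser@home.com status:07649912 CWD dir:SYS$POSIX_ROOT^:^%",
    "9-NOV-2005 06:56:38.97 User:anonymous ident:Vgpuser@home.com logged out",
    # Session 2: constructed benign visitor (placeholder host and ident).
    "9-NOV-2005 08:12:01.10 User:anonymous logged in ident:jane@example.org from Host:dialup.example.net",
    "9-NOV-2005 08:12:05.40 User:anonymous ident:jane@example.org status:00010001 CWD dir:WEB_DISK:[public.anonymous]",
    "9-NOV-2005 08:13:30.00 User:anonymous ident:jane@example.org logged out",
]

if __name__ == "__main__":
    for value in (0x07649912, 7649912, 0x912, 0x12, 0x00010001):
        fac, msg, sev = decode_condition(value)
        print(f"{value:08X}: facility {fac} ({fac:#x}), message {msg}, severity {sev}")
    for report in analyse_log(SAMPLE_LOG):
        print(report)
```

The successful CWD carries status 00010001, which decodes to facility 1, message 0, severity S (a success code), while the six failing ones all carry the same facility-0x764 error; the script does not need to know the facility's name to count them as failures, only the severity bits. The threshold and the ten-second window are arbitrary starting points; tune them against the traffic your own anonymous area actually sees.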

pppool.de seems to be a domain of just connections: searching Google for pppool.de gave me the info I needed at http://www.gulli.com/tools/whois/pppool.de (a link to remember)

domain: pppool.de
descr: freenet Cityline GmbH
descr: Willstaetterstrasse 13
descr: D-40549 Duesseldorf
descr: Germany


They even REQUEST to be informed about abuse, at abuse@pppool.de. That's good! They got it.
Source of evil?
Gulli.com offers information on how to become a script kiddie or hacker (in German, but nevertheless) at www.gulli.com/hacking/script-kiddy-howto/ and www.gulli.com/hacking/hacker-werden-howto/. Nice stuff, though, showing where you may go wrong in any Linux distribution. Perhaps some of these backdoors have been closed already.
But this is OpenVMS, not Linux or Windows.
