Re: these sshmucks are at it again... - VMS


Thread: Re: these sshmucks are at it again...

  1. Re: these sshmucks are at it again...

    VAXman- @SendSpamHere.ORG writes:

    >>Just for grins, I look at the logs this thing keeps and see three to six
    >>attempts per minute around the clock! Most probes go to ports 1028 and
    >>1029; I've never figured out what that's supposed to accomplish.


    >IANA's list shows 1028 deprecated and 1029 is called "Solid Mux Server".
    >I don't know why they'd look to probe these other than there may be some
    >way to distinguish from the response whether or not there's some firewall
    >in the mix.


    Ports 1024 and up are for ports used as the return port no. of outbound
    calls as well as for unprivileged servers. It may be that an "out of
    the box" Windoze system, when it boots, starts using ports starting at
    1024 for outbound calls, and application X (someone mentioned Messenger)
    happens to always get 1028 and/or 1029 when it eventually starts. The
    hacker is targeting Application X's outbound connection.

    Having said that, I don't know the order that Windows uses port numbers,
    and it still may be some service.

    The IANA list entry probably means little. Microsoft often has an
    attitude that standards are for everyone else.

  2. Re: these sshmucks are at it again...

    "P. Sture" writes:

    >In article <469eb405@dnews.tpgi.com.au>, Jim Duff
    >wrote:


    >> I'm unaware of any documented ways to perform these actions under
    >> program control. If you have access to the source listings however...
    >>


    >I've just scanned the V8.3 System Services manual, but didn't find
    >anything obvious.


    I have since been told that audit server commands such as SET AUDIT/LISTEN
    are implemented as mailbox messages to a different audit server mailbox.

  3. Re: these sshmucks are at it again...

    In article , moroney@world.std.spaamtrap.com (Michael Moroney) writes:
    >
    >
    >VAXman- @SendSpamHere.ORG writes:
    >
    >>>Just for grins, I look at the logs this thing keeps and see three to six
    >>>attempts per minute around the clock! Most probes go to ports 1028 and
    >>>1029; I've never figured out what that's supposed to accomplish.

    >
    >>IANA's list shows 1028 deprecated and 1029 is called "Solid Mux Server".
    >>I don't know why they'd look to probe these other than there may be some
    >>way to distinguish from the response whether or not there's some firewall
    >>in the mix.

    >
    >Ports 1024 and up are for ports used as the return port no. of outbound
    >calls as well as for unprivileged servers. It may be that an "out of
    >the box" Windoze system, when it boots, starts using ports starting at
    >1024 for outbound calls, and application X (someone mentioned Messenger)
    >happens to always get 1028 and/or 1029 when it eventually starts. The
    >hacker is targeting Application X's outbound connection.
    >
    >Having said that, I don't know the order that Windows uses port numbers,
    >and it still may be some service.
    >
    >The IANA list entry probably means little. Microsoft often has an
    >attitude that standards are for everyone else.


    You think? Micro$hit's lack of adherence to standards has been making
    my life most difficult when adding web page features. I know there is
    one here who holds great disdain for Javascript -- Hi, Larry -- but
    it is in widespread use. Firefox, Safari and myriad other browsers, at
    least newer releases thereof, adhere to the DOM 2 scripting standards,
    except for as you might guess Micro$hit's Internet Exploiter. At least
    I am seeing more and more web hits from Firefox. There's hope.

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/sig.jpg

  4. Re: these sshmucks are at it again...

    In article , moroney@world.std.spaamtrap.com (Michael Moroney) writes:
    >
    >
    >"P. Sture" writes:
    >
    >>In article <469eb405@dnews.tpgi.com.au>, Jim Duff
    >>wrote:

    >
    >>> I'm unaware of any documented ways to perform these actions under
    >>> program control. If you have access to the source listings however...
    >>>

    >
    >>I've just scanned the V8.3 System Services manual, but didn't find
    >>anything obvious.

    >
    >I have since been told that audit server commands such as SET AUDIT/LISTEN
    >are implemented as mailbox messages to a different audit server mailbox.


    I've always hated this ill-conceived interface. If the listener program
    dies and the listener mailbox is still defined, the AUDIT_SERVER will
    continue to write to the mailbox until it fills; then, all hell breaks loose.

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/sig.jpg

  5. Re: these sshmucks are at it again...

    On Jul 18, 5:38 pm, moro...@world.std.spaamtrap.com (Michael Moroney)
    wrote:
    > VAXman- @SendSpamHere.ORG writes:
    > >In article <1184785605_1...@sp12lax.superfeed.net>, Jeff Campbell writes:
    > >>> This is TCPIP services ssh, BTW. If anybody has a quick and dirty to get
    > >>> the username under attack, I'd appreciate it. HP, if you are listening,
    > >>> this would be a nice feature if it doesn't already exist (I didn't see a
    > >>> way get it when I perused the ssh doc).

    >
    > Unfortunately, SSH doesn't report the username to the audit server
    > properly. See below.
    >
    > >>ANAL/AUDI will show you the attempted user names. On my system I see:

    > >From ssh? I don't think so... Here is what I see for both LOGFAIL and
    > >BREAKIN event types in my AUDIT logs:
    > > Date / Time Type Subtype Node Username ID Term
    > >18-JUL-2007 07:55:26.57 BREAKIN NETWORK ****** TCPIP$SSH 20200D4F
    > >18-JUL-2007 07:54:56.92 LOGFAIL NETWORK ****** TCPIP$SSH 20200D4A
    > >Using HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 6

    >
    > I wrote a little program that listens to the audit server, and when it
    > detects a TCPIP breakin attempt, it'll disable the attacking IP address.
    > Except it's not all there. I do detect the breakin and figure out the
    > IP address to disable, but don't actually disable anything. It knows
    > about SSH, FTP and TELNET breakin attempts. What I found that makes this
    > a mess:
    >
    > There is a "remote node address" field where I'd think the IP address of
    > the attacker would go. TELNET puts it there. So does FTP, but in the
    > reverse byte order of TELNET! (Big-endian vs. little endian issue)
    > SSH doesn't use the field at all! I can figure out the SSH attacker
    > address via a hack.
    >
    > FTP and TELNET do tell you the username being attacked. SSH does - only
    > if it exists on the system! Otherwise it uses the username TCPIP$SSH.
    >
    > What's stopping me from the final touch and give it to you:
    > Being busy, and writing a simple LIB$SPAWN to do either a:
    > $ TCPIP SET COMMUNICATION/REJECT=ip.add.re.ss or
    > $ TCPIP SET ROUTE ip.add.re.ss /GATEWAY=black.hole or something, and
    > a LIB$SPAWN to do a SET AUDIT, plus cleanup. The hard part is done
    > and working.
    >
    > Does anyone know of a system service or $QIO that will do the above TCPIP
    > commands, or the equivalent of a $ SET AUDIT/LISTENER=mailbox and
    > $ SET AUDIT/NOLISTEN ? I especially want the latter in an exit handler,
    > because if the program doesn't shut down properly, the mailbox gets full
    > and the audit server gets upset and starts suspending all the processes!
    > I don't want anyone getting pissed off at me because this program hung
    > your system, even if it's the audit server at fault. If you try to log in
    > to fix it, the audit server suspends the process before you get a chance
    > to do anything!


    Seems like a bored VMS kernel level hacker could write a type of
    software honeypot/sandbox/tar pit that would run after x number of
    suspicious attempts and present whatever environment or message that
    you wanted to display. Maybe a prompt that shifts between various
    mainframe, *nix & windows looks, and eventually displays something
    like: "Traceback successful. Black helicopters will arrive
    momentarily. Offending system will be neutralized in
    10......9.....8......7..."

    ..5 * ;-)


  6. Re: these sshmucks are at it again...

    Richard B. Gilbert wrote:
    > If you had the perp's name and address, what could you do? Odds are
    > that he's in Peking or Singapore or is relaying through a zombie
    > somewhere. . . . This sort of **** hits the bit-bucket at my router and
    > I simply ignore it.


    You don't worry about script kiddies in asia. But you need to be able to
    quickly establish that you are dealing with a script kiddie instead of
    an ex employee trying various site specific accounts. And to do this,
    you really need to get the information on what the remote user is
    attempting to do.

    And the logging must be reliable and trustable enough that you are sure
    that they are trying to login under "Administrato" instead of
    "Administrator". Right now, I really don't have the confidence that VMS
    is giving me the full usernames they are trying for those services where
    the username is logged.

  7. Re: these sshmucks are at it again...

    In article , VAXman- @SendSpamHere.ORG
    wrote:

    > In article , moroney@world.std.spaamtrap.com
    > (Michael Moroney) writes:
    > >
    > >
    > >"P. Sture" writes:
    > >
    > >>In article <469eb405@dnews.tpgi.com.au>, Jim Duff
    > >>wrote:

    > >
    > >>> I'm unaware of any documented ways to perform these actions under
    > >>> program control. If you have access to the source listings however...
    > >>>

    > >
    > >>I've just scanned the V8.3 System Services manual, but didn't find
    > >>anything obvious.

    > >
    > >I have since been told that audit server commands such as SET AUDIT/LISTEN
    > >are implemented as mailbox messages to a different audit server mailbox.

    >
    > I've always hated this ill-conceived interface. If the listener program
    > dies and the listener mailbox is still defined, the AUDIT_SERVER will
    > continue to write to the mailbox until it fills; then, all hell breaks loose.


    In my experience all hell might break loose on the phones. The system
    however tends to grind to a halt. If you aren't already logged on
    somewhere with enough privilege, it's crash the system time :-(

    --
    Paul Sture

  8. Re: these sshmucks are at it again...

    In article <469F6D4C.70603@comcast.net>,
    "Richard B. Gilbert" wrote:

    > If you had the perp's name and address, what could you do? Odds are
    > that he's in Peking or Singapore or is relaying through a zombie
    > somewhere. . . . This sort of **** hits the bit-bucket at my router and
    > I simply ignore it.


    From another angle, it could be a PC within your network that has a
    terminal emulator pointing at the wrong system. Ditto for an SCOPY job
    etc.

    --
    Paul Sture

  9. Re: these sshmucks are at it again...

    In article , "P. Sture" writes:
    >
    >
    >In article , VAXman- @SendSpamHere.ORG
    >wrote:
    >
    >> In article , moroney@world.std.spaamtrap.com
    >> (Michael Moroney) writes:
    >> >
    >> >
    >> >"P. Sture" writes:
    >> >
    >> >>In article <469eb405@dnews.tpgi.com.au>, Jim Duff
    >> >>wrote:
    >> >
    >> >>> I'm unaware of any documented ways to perform these actions under
    >> >>> program control. If you have access to the source listings however...
    >> >>>
    >> >
    >> >>I've just scanned the V8.3 System Services manual, but didn't find
    >> >>anything obvious.
    >> >
    >> >I have since been told that audit server commands such as SET AUDIT/LISTEN
    >> >are implemented as mailbox messages to a different audit server mailbox.

    >>
    >> I've always hated this ill-conceived interface. If the listener program
    >> dies and the listener mailbox is still defined, the AUDIT_SERVER will
    >> continue to write to the mailbox until it fills; then, all hell breaks loose.

    >
    >In my experience all hell might break loose on the phones. The system
    >however tends to grind to a halt. If you aren't already logged on
    >somewhere with enough privilege, it's crash the system time :-(


    Exactly! Users get POed when they hit the carriage return at a prompt
    on a terminal or click on a button on a web form and have to wait for a
    few seconds. When the system grinds to a halt, there's mayhem and
    pandemonium amongst the users and things can start to get ugly.

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html

  10. OT - response time (was:Re: these sshmucks are at it again...)

    In article , VAXman- @SendSpamHere.ORG wrote:
    [...]
    >Exactly! Users get POed when they hit the carriage return at a prompt
    >on a terminal or click on a button on a web form and have to wait for a
    >few seconds. When the system grinds to a halt, there's mayhem and
    >pandemonium amongst the users and things can start to get ugly.


    Not at my current job. I'm forced to use a crappy Windows-driven web interface
    where multi-second (and sometimes multi-minute!) response times are the *norm*.
    I'm the only one who complains, because I know that the response time is
    abysmal. My peers look at me like I have six heads when I complain, and tell
    me, "This system is *so* much better than the system it replaced". (On which
    planet, I'm forced to wonder).
    [...]

  11. Re: OT - response time (was:Re: these sshmucks are at it again...)

    In article , bradhamilton@comcast.net (Brad Hamilton) writes:
    >
    >
    >In article , VAXman- @SendSpamHere.ORG wrote:
    >[...]
    >>Exactly! Users get POed when they hit the carriage return at a prompt
    >>on a terminal or click on a button on a web form and have to wait for a
    >>few seconds. When the system grinds to a halt, there's mayhem and
    >>pandemonium amongst the users and things can start to get ugly.

    >
    >Not at my current job. I'm forced to use a crappy Windows-driven web interface
    >where multi-second (and sometimes multi-minute!) response times are the *norm*.
    >I'm the only one who complains, because I know that the response time is
    >abysmal. My peers look at me like I have six heads when I complain, and tell
    >me, "This system is *so* much better than the system it replaced". (On which
    >planet, I'm forced to wonder).


    Perhaps they came from that backward planet called snorom.

    How many users, BTW, on said system?
    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html

  12. Re: OT - response time (was:Re: these sshmucks are at it again...)

    In article <5YSni.49$sc1.42@newsfe12.lga>, VAXman- @SendSpamHere.ORG wrote:
    >In article , bradhamilton@comcast.net (Brad Hamilton) writes:

    [...]
    >>I'm the only one who complains, because I know that the response time is
    >>abysmal. My peers look at me like I have six heads when I complain, and tell
    >>me, "This system is *so* much better than the system it replaced". (On which
    >>planet, I'm forced to wonder).

    >
    >Perhaps they came from that backward planet called snorom.
    >
    >How many users, BTW, on said system?


    Approximately 30 "local" and 150 "remote" (think WAN) users; of course, not all
    are using the system at the same time. Back-end is some kind of Windows
    Server, and some flavor of SQL serves as the DB engine.

    Of course, the response problem could really be the network, rather than the
    system itself, but the Windows interface is poorly thought-out and designed
    (worst feature are drop-down lists which "self-complete" values *by default*,
    which makes it harder to enter proper medical procedure and diagnostic codes.
    These fields should absolutely *not* "self-complete" upon partial code entry!).

    This "feature" is the most egregious of numerous poor layout and interface
    choices. Whoever designed this system had *no* clue about proper human
    interface design.
    [...]

  13. Re: OT - response time (was:Re: these sshmucks are at it again...)

    On Jul 19, 7:02 pm, VAXman- @SendSpamHere.ORG wrote:
    > In article , bradhamil...@comcast.net (Brad Hamilton) writes:
    >
    >
    >
    > >In article , VAXman- @SendSpamHere.ORG wrote:
    > >[...]
    > >>Exactly! Users get POed when they hit the carriage return at a prompt
    > >>on a terminal or click on a button on a web form and have to wait for a
    > >>few seconds. When the system grinds to a halt, there's mayhem and
    > >>pandemonium amongst the users and things can start to get ugly.

    >
    > >Not at my current job. I'm forced to use a crappy Windows-driven web interface
    > >where multi-second (and sometimes multi-minute!) response times are the *norm*.
    > >I'm the only one who complains, because I know that the response time is
    > >abysmal. My peers look at me like I have six heads when I complain, and tell
    > >me, "This system is *so* much better than the system it replaced". (On which
    > >planet, I'm forced to wonder).

    >
    > Perhaps they came from that backward planet called snorom.
    >


    Or maybe it's a Slowsky family business? IRT a Comcast ad campaign (in
    the US) starring two turtles who "love" their DSL link because Comcast
    high-speed is just too fast.

    There's even a Slowsky web-site & blog that's good for a chuckle or
    two.



    Disclaimer: None needed. I don't work for Comcast, I'm not
    connected with their advertising. I don't use Comcast (they don't even
    offer service to my area, but they just bought our regional cable
    provider so I guess I'll be dealing with them next year) but the ad
    campaign is great.


  14. Re: these sshmucks are at it again...

    On 18 Jul, 23:38, moro...@world.std.spaamtrap.com (Michael Moroney)
    wrote:
    > What's stopping me from the final touch and give it to you:
    > Being busy, and writing a simple LIB$SPAWN to do either a:
    > $ TCPIP SET COMMUNICATION/REJECT=ip.add.re.ss or
    > $ TCPIP SET ROUTE ip.add.re.ss /GATEWAY=black.hole or something, and
    > a LIB$SPAWN to do a SET AUDIT, plus cleanup. The hard part is done
    > and working.


    I'd advise against "ucx set comm/reject", it's limited to 32
    addresses, the number of attacks (or co-ordinated attacks from
    multiple addresses), at once could go beyond that. HP have also
    publicly stated that the number will not be increased 'any time
    soon'.

    If you're planning on leaving the addresses in and not timing them
    out, it certainly will. Personally I'd like to see the code optionally
    observe the LGI system params for adding/removing the blocking.

    A better place for this functionality would of course be in VMS / TCP/
    IP Services fully linked in with sys$scan_intrusion / SYS$ACM, but
    given the general lack of attention to security in VMS and TCP/IP
    Services, I'm not holding my breath. Even hpux (with the recent HIDS)
    other *nixs are making more of an effort to innovate with security now.

    You can now however use ifconfig filter, see below for an example,
    that supports a much higher number of entries (see tcpip$examples:if.h
    for the exact size). You can also do the ifconfig programmatically
    (probably getifaddrs).

    $ ucx ping bbc.co.uk
    PING bbc.co.uk (212.58.224.131): 56 data bytes
    64 bytes from 212.58.224.131: icmp_seq=0 ttl=123 time=15 ms
    64 bytes from 212.58.224.131: icmp_seq=1 ttl=123 time=14 ms
    64 bytes from 212.58.224.131: icmp_seq=2 ttl=123 time=14 ms
    64 bytes from 212.58.224.131: icmp_seq=3 ttl=123 time=14 ms


    ----bbc.co.uk PING Statistics----
    4 packets transmitted, 4 packets received, 0% packet loss
    round-trip (ms) min/avg/max = 14/14/15 ms
    $
    $
    $ type tcpip$etc:ifaccess.conf
    #
    we0 bbc.co.uk 255.255.255.255 denylog
    $
    $ ucx ifconfig we0 filter
    Reading filters from tcpip$etc:ifaccess.conf
    we0 212.58.224.131 255.255.255.255 denylog - filter added
    $
    $ ucx ping bbc.co.uk
    PING bbc.co.uk (212.58.224.131): 56 data bytes
    %%%%%%%%%%% OPCOM 20-JUL-2007 12:35:30.91 %%%%%%%%%%%
    Message from user INTERnet on xxxxxx
    ipintr: IP addr 212.58.224.131 on WE0: access denied

    %%%%%%%%%%% OPCOM 20-JUL-2007 12:35:31.91 %%%%%%%%%%%
    Message from user INTERnet on xxxxxx
    ipintr: IP addr 212.58.224.131 on WE0: access denied

    %%%%%%%%%%% OPCOM 20-JUL-2007 03:35:32.91 %%%%%%%%%%%
    Message from user INTERnet on xxxxxx
    ipintr: IP addr 212.58.224.131 on WE0: access denied

    %%%%%%%%%%% OPCOM 20-JUL-2007 12:35:33.91 %%%%%%%%%%%
    Message from user INTERnet on xxxxxx
    ipintr: IP addr 212.58.224.131 on WE0: access denied



    ----bbc.co.uk PING Statistics----
    4 packets transmitted, 0 packets received, 100% packet loss
    %SYSTEM-F-TIMEOUT, device timeout
    $


    Alex
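
The blocking scheme discussed above (count break-in attempts per source, block through an `ifaccess.conf` filter entry, time the block out again), as an added example that is not code from any poster in this thread. It assumes a simplified stand-in for the LGI parameters (the names `brk_lim`, `brk_tmo`, `hid_tim` and all values are sample choices), a placeholder `max_entries` in place of the real limit in `tcpip$examples:if.h`, constructed documentation addresses, and an exempt list for internal hosts; which service needs `reverse=True` in `addr_from_field` has to be confirmed on the system itself.

```python
import ipaddress
from dataclasses import dataclass, field


def addr_from_field(raw: bytes, reverse: bool) -> ipaddress.IPv4Address:
    """Decode a 4-byte remote-node-address field from an audit record.

    The thread reports that TELNET and FTP fill this field in opposite
    byte orders; the caller says which order applies (assumption: the
    page does not state which service is which).
    """
    if len(raw) != 4:
        raise ValueError("expected a 4-byte IPv4 address field")
    return ipaddress.IPv4Address(raw[::-1] if reverse else raw)


@dataclass
class BlockList:
    iface: str = "we0"      # interface name from the post's example
    brk_lim: int = 5        # failures before a source is blocked (sample)
    brk_tmo: int = 300      # seconds a failure stays counted (sample)
    hid_tim: int = 300      # seconds a block lasts (sample)
    max_entries: int = 64   # placeholder; the real limit is in if.h
    exempt: tuple = ()      # CIDR strings that must never be blocked
    failures: dict = field(default_factory=dict)  # addr -> [timestamps]
    blocked: dict = field(default_factory=dict)   # addr -> expiry time

    def __post_init__(self):
        self.exempt = tuple(ipaddress.ip_network(n) for n in self.exempt)

    def expire(self, now: float) -> list:
        """Drop blocks whose time is up; return the released addresses."""
        gone = sorted(a for a, until in self.blocked.items() if until <= now)
        for addr in gone:
            del self.blocked[addr]
        return gone

    def record_failure(self, ip, now: float) -> str:
        """Register one failed login; report what happened to the source."""
        addr = ipaddress.IPv4Address(ip)
        if any(addr in net for net in self.exempt):
            return "exempt"          # e.g. a misconfigured internal PC
        self.expire(now)
        if addr in self.blocked:
            return "blocked"
        recent = [t for t in self.failures.get(addr, [])
                  if now - t < self.brk_tmo]
        recent.append(now)
        self.failures[addr] = recent
        if len(recent) < self.brk_lim:
            return "counted"
        if len(self.blocked) >= self.max_entries:
            return "full"            # table exhausted: alert, do not evict
        self.blocked[addr] = now + self.hid_tim
        del self.failures[addr]
        return "blocked"

    def render(self) -> str:
        """Emit filter lines in the format shown in the post."""
        rows = [f"{self.iface} {a} 255.255.255.255 denylog"
                for a in sorted(self.blocked)]
        return "\n".join(["#", *rows]) + "\n"


if __name__ == "__main__":
    # Constructed events: three failures from one source within a minute.
    bl = BlockList(brk_lim=3, brk_tmo=60, hid_tim=120,
                   exempt=("192.168.0.0/16",))
    for t in (0, 10, 20):
        print(t, bl.record_failure("203.0.113.7", t))
    print(25, bl.record_failure("192.168.1.20", 25))
    print(bl.render(), end="")
```

The rendered text is what would be written to `tcpip$etc:ifaccess.conf` before running the `ucx ifconfig we0 filter` command shown in the post.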


  15. Re: OT - response time (was:Re: these sshmucks are at it again...)

    In article , bradhamilton@comcast.net (Brad Hamilton) writes:
    >
    >
    >In article <5YSni.49$sc1.42@newsfe12.lga>, VAXman- @SendSpamHere.ORG wrote:
    >>In article , bradhamilton@comcast.net (Brad Hamilton) writes:

    >[...]
    >>>I'm the only one who complains, because I know that the response time is
    >>>abysmal. My peers look at me like I have six heads when I complain, and tell
    >>>me, "This system is *so* much better than the system it replaced". (On which
    >>>planet, I'm forced to wonder).

    >>
    >>Perhaps they came from that backward planet called snorom.
    >>
    >>How many users, BTW, on said system?

    >
    >Approximately 30 "local" and 150 "remote" (think WAN) users; of course, not all
    >are using the system at the same time. Back-end is some kind of Windows
    >Server, and some flavor of SQL serves as the DB engine.
    >
    >Of course, the response problem could really be the network, rather than the
    >system itself, but the Windows interface is poorly thought-out and designed
    >(worst feature are drop-down lists which "self-complete" values *by default*,
    >which makes it harder to enter proper medical procedure and diagnostic codes.
    >These fields should absolutely *not* "self-complete" upon partial code entry!).
    >
    >This "feature" is the most egregious of numerous poor layout and interface
    >choices. Whoever designed this system had *no* clue about proper human
    >interface design.
    >[...]


    Perhaps you can contact me off-line. I'm curious about the interface and
    your slow-down. I know a site with close to the same numbers served over
    a T1 and it needs to SQLquery other sites and it isn't that slow. As for
    the interface design, it sounds like it fell out of a well-littered field
    of M$ front-page extensions.

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    "Well my son, life is like a beanstalk, isn't it?"

    http://tmesis.com/drat.html

  16. Re: these sshmucks are at it again...

    "AlexNOSPAMDaniels@themail.co.uk" writes:

    >I'd advise against "ucx set comm/reject", it's limited to 32
    >addresses, the number of attacks (or co-ordinated attacks from
    >multiple addresses), at once could go beyond that. HP have also
    >publicly stated that the number will not be increased 'any time
    >soon'.


    I know about that, and that is a problem. I was playing with the idea
    of setting the route via a blackhole (nonexistent) IP router which is
    nearly unlimited as to the number of entries, but it's hard to make
    generic, since the blackhole router has to be "reachable" on your local
    LAN.

    >You can now however use ifconfig filter, see below for an example,
    >that supports a much higher number of entries (see tcpip$examples:if.h
    >for the exact size). You can also do the ifconfig programmatically
    >(probably getifaddrs).


    I did not know that existed on VMS. Thanks.

  17. OT: Mini Vans

    In article <469F6D4C.70603@comcast.net>,
    "Richard B. Gilbert" wrote:

    > If you had the perp's name and address, what could you do? Odds are
    > that he's in Peking or Singapore or is relaying through a zombie
    > somewhere. . . . This sort of **** hits the bit-bucket at my router and
    > I simply ignore it.


    From another angle, it could be a PC within your network that has a
    terminal emulator pointing at the wrong system. Ditto for an SFTP job
    etc.

    --
    Paul Sture

  18. Re: these sshmucks are at it again...

    On Fri, 20 Jul 2007 07:30:02 -0700, Michael Moroney
    wrote:

    > "AlexNOSPAMDaniels@themail.co.uk" writes:
    >
    >> I'd advise against "ucx set comm/reject", it's limited to 32
    >> addresses, the number of attacks (or co-ordinated attacks from
    >> multiple addresses), at once could go beyond that. HP have also
    >> publicly stated that the number will not be increased 'any time
    >> soon'.

    >
    > I know about that, and that is a problem. I was playing with the idea
    > of setting the route via a blackhole (nonexistent) IP router which is
    > nearly unlimited as to the number of entries, but it's hard to make
    > generic, since the blackhole router has to be "reachable" on your local
    > LAN.

    Get a router with two NICs, like a Cisco 2621
    >
    >> You can now however use ifconfig filter, see below for an example,
    >> that supports a much higher number of entries (see tcpip$examples:if.h
    >> for the exact size). You can also do the ifconfig programmatically
    >> (probably getifaddrs).

    >
    > I did not know that existed on VMS. Thanks.




    --
    PL/I for OpenVMS
    www.kednos.com
