SSH break-in attempts - VMS



Thread: SSH break-in attempts

  1. Re: SSH break-in attempts

    In article , "Fred Zwarts" writes:
    >
    > DCL uses only the first four characters of verbs and qualifiers at
    > maximum.
    > Try HELP SEAR /STAT
    >

    Not quite true. While all verbs are unique at no more than four
    characters, additional characters can be used to distinguish between
    symbols and verbs.

    For example, there is no LOGOUTNOW command. But I've had
    LO*GOUT == "@SYS$LOGIN:LOGOUT.COM"
    for many years. LOGOUT.COM ends with LOGOUTNOW which DCL
    recognises as not matching the symbol LO*GOUT. Then it finds that
    it does match to four characters the verb LOGOUT.

    Similarly, because so many people set up DEL*ETE == "DELETE/CONFIRM"
    (which returns a warning if you need delete/symbol), I often code
    DELETEE in DCL scripts. As in DELETEE/SYMBOL DEL, which then
    returns simple success.


  2. Re: SSH break-in attempts

    In article , koehler@eisner.nospam.encompasserve.org (Bob Koehler) writes:
    >In article , "Fred Zwarts" writes:
    >>
    >> DCL uses only the first four characters of verbs and qualifiers at
    >> maximum.
    >> Try HELP SEAR /STAT
    >>

    > Not quite true. While all verbs are unique at no more than four
    > characters, additional characters can be used to distinguish between
    > symbols and verbs.
    >
    > For example, there is no LOGOUTNOW command. But I've had
    > LO*GOUT == "@SYS$LOGIN:LOGOUT.COM"
    > for many years. LOGOUT.COM ends with LOGOUTNOW which DCL
    > recognises as not matching the symbol LO*GOUT. Then it finds that
    > it does match to four characters the verb LOGOUT.
    >
    > Similarly, because so many people set up DEL*ETE == "DELETE/CONFIRM"
    > (which returns a warning if you need delete/symbol), I often code
    > DELETEE in DCL scripts. As in DELETEE/SYMBOL DEL, which then
    > returns simple success.


    I always repeat the last character for this purpose. I have people watching
    me type tell me that I've misspelledd DELETEE wheneverr I do thiss. It's
    for a goodd reasonn.

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    .... pejorative statements of opinion are entitled to constitutional protection
    no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

    Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
    of usenet _must_ include its contents in its entirety including this copyright
    notice, disclaimer and quotations.

  3. Re: SSH break-in attempts

    On 24 sep, 09:52, Jur van der Burg <"lddriver at digiater dot nl">
    wrote:
    > Here's trymsg.com.
    >
    > Jur.
    >
    > $!      Save the current verify state and turn verification off
    > $       Verif = 'F$Verify(0)
    > $!      Target of the "Goto Start" below when no code is entered
    > $Start:
    > $       If "''P1'" .nes. "" Then $ Goto Start_1
    > $       Inquire P1 "Enter message code"
    > $       If P1 .eqs. "" Then $ Goto Start
    > $Start_1:
    > $       Found = 0
    > $       Msgfil = ""
    > $Loop:
    > $!      Translate the code with the currently loaded message file
    > $       Junk = F$Message(P1)
    > $       If F$Extract(0,7,Junk) .Eqs. "%NONAME" Then Goto Next_File
    > $       If F$Locate("-NOMSG",Junk) .Ne. F$Length(Junk) Then Goto Next_File
    > $       If Msgfil .eqs. "" Then $ Goto No_File
    > $       Write Sys$Output ""
    > $       Write Sys$Output "From ''Msgfil'..."
    > $No_File:
    > $       Write Sys$Output ""
    > $       Write Sys$Output Junk
    > $       Write Sys$Output ""
    > $!      Found = 1
    > $!      Goto Exit
    > $Next_File:
    > $!      Load the next message file from SYS$MESSAGE and try again
    > $       Msgfil = F$Search("Sys$Message:*.Exe")
    > $       If Msgfil .Eqs. "" Then Goto Exit
    > $       Set Message 'Msgfil'
    > $write sys$output "File: ",msgfil
    > $       Goto Loop
    > $Exit:
    > $       If .Not. Found Then Write Sys$Output "No message found for ",P1
    > $       Exit 1 + (0 * F$Verify(Verif))
    >
    >
    >
    > H Vlems wrote:
    >
    > > Ken, where is TRYMSG.COM to be found, freeware cd?
    > > Hans


    Thank you, Jur.

  4. Re: SSH break-in attempts

    On Sep 21, 12:32 am, s...@antinode.info (Steven M. Schweda) wrote:
    >    SSH break-in attempts seem to be getting more frequent these days.
    > I'm (still) using:
    >
    >   HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 7
    >   on a COMPAQ Professional Workstation XP1000 running OpenVMS V7.3-2
    >
    > with an SSH service limit of 64, which helps to limit the duration of a
    > typical attack, because the attackers appear to leave connections open
    > long enough to hit the limit.  After an OPCOM message like: "INTERnet
    > ACP SSH Reject Request - service limit - from Host: 210.48.157.82 Port:
    > 45443", the attack ends, and then, over a period of some minutes, the
    > connections are cleared out, so normal operation can resume.
    >
    >    With a higher service limit, the attacks run longer, wasting
    > resources.  With a smaller limit, an attack becomes a (temporary) denial
    > of service, until some of the connections dissipate.
    >
    >    It seems to me that a useful feature would be a per-IP-address
    > connection limit.  I could easily live with no more than, say, 16 SSH
    > connections from any particular IP address, and if an attacker hit that
    > kind of limit, it would not interfere with connections coming from more
    > legitimate sources.
    >
    >    Anyone else think that this might be useful?  (Or is it already in
    > some new TCPIP version?)
    >
    > ------------------------------------------------------------------------
    >
    >    Steven M. Schweda               sms@antinode-info
    >    382 South Warwick Street        (+1) 651-699-9818
    >    Saint Paul  MN  55105-2547


    Just an FYI, from SANS last week

    http://isc.sans.org/diary.html?storyid=5047
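
The per-IP-address limit proposed in the quoted post, replayed against the single global service limit of 64, as an added example that is not part of the original thread. The admission model (no connection closes during the burst), the function names, the 192.0.2.x / 198.51.100.x addresses and every port except 45443 are assumptions made for the illustration; only the OPCOM wording and the figures 64 and 16 come from the post.

```python
import re
from collections import Counter

# OPCOM wording as quoted in the post; the message may wrap across lines.
REJECT_RE = re.compile(
    r"INTERnet ACP SSH Reject Request - service limit - "
    r"from Host: (?P<host>\d{1,3}(?:\.\d{1,3}){3}) Port: (?P<port>\d+)"
)

# Constructed sample. The first message is the one quoted in the post;
# the other ports and the 192.0.2.10 address are made up.
SAMPLE_OPCOM = """\
INTERnet ACP SSH Reject Request - service limit - from Host: 210.48.157.82 Port:
45443
INTERnet
ACP SSH Reject Request - service limit - from Host: 210.48.157.82 Port: 45460
INTERnet ACP SSH Reject Request - service limit - from Host: 192.0.2.10 Port: 50122
"""

ATTACKER = "210.48.157.82"   # address from the quoted OPCOM message
USER = "192.0.2.10"          # constructed legitimate client


def rejected_hosts(opcom_text):
    """Count service-limit rejections per source host, tolerating line wraps."""
    flat = " ".join(opcom_text.split())
    return Counter(m.group("host") for m in REJECT_RE.finditer(flat))


def admit(attempts, service_limit, per_ip_limit=None):
    """Replay connection attempts in arrival order.

    Assumption: nothing closes during the burst, matching the description
    that attackers leave connections open until the limit is hit.
    Returns (accepted, rejected) Counters keyed by source address.
    """
    active, rejected, total = Counter(), Counter(), 0
    for src in attempts:
        over_ip = per_ip_limit is not None and active[src] >= per_ip_limit
        if over_ip or total >= service_limit:
            rejected[src] += 1
        else:
            active[src] += 1
            total += 1
    return active, rejected


def single_source(per_ip_limit=None):
    """One address opens 100 connections, then a legitimate user opens 2."""
    return admit([ATTACKER] * 100 + [USER] * 2, 64, per_ip_limit)


def many_sources(per_ip_limit=16):
    """Five addresses open 20 connections each before the user arrives."""
    bots = [f"198.51.100.{i}" for i in range(1, 6)]
    attempts = [b for b in bots for _ in range(20)] + [USER] * 2
    return admit(attempts, 64, per_ip_limit)


if __name__ == "__main__":
    print("rejections seen in OPCOM:", dict(rejected_hosts(SAMPLE_OPCOM)))
    for label, (acc, rej) in [
        ("global limit only", single_source()),
        ("plus per-IP limit 16", single_source(16)),
        ("five sources, per-IP 16", many_sources()),
    ]:
        print(f"{label}: user accepted={acc[USER]} rejected={rej[USER]}, "
              f"slots in use={sum(acc.values())}")
```

The last scenario shows the boundary of the idea: a per-address cap keeps one noisy source from filling the service, but several sources together can still reach the global limit.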


  5. Re: SSH break-in attempts

    Jan-Erik Söderholm wrote:
    > Alan Frisbie wrote:
    >> Peter Weaver wrote:


    >>> $ search TCPIP$SSH_RUN.LOG;* 'sysrem_node /status


    >> I have never seen the /Status switch on Search before,

    >
    > There isn't any. Should be /STATISTICS.
    > On 8.3 /STATISTICS now creates a few symbols...


    I have gone through the v8.3 DCL manual, the Release Notes,
    and the New Features manual, and the HELP facility, but
    cannot find anything about the symbols. I must be blind.
    Where is this feature documented?

    Also, has anyone come up with something similar to this
    "tarpit" feature for FTP connections? My day would be
    complete if I could eliminate that group of script kiddies.

    Thanks,
    Alan

  6. Re: SSH break-in attempts

    Alan Frisbie wrote:
    > Jan-Erik Söderholm wrote:
    >> Alan Frisbie wrote:
    >>> Peter Weaver wrote:

    >
    >>>> $ search TCPIP$SSH_RUN.LOG;* 'sysrem_node /status

    >
    >>> I have never seen the /Status switch on Search before,

    >>
    >> There isn't any. Should be /STATISTICS.
    >> On 8.3 /STATISTICS now creates a few symbols...

    >
    > I have gone through the v8.3 DCL manual, the Release Notes,
    > and the New Features manual, and the HELP facility, but
    > cannot find anything about the symbols. I must be blind.
    > Where is this feature documented?


    The only sign of documentation I found when looking
    through the 8.3 manuals was this in table 2-1 on
    page 2-1 in the "New Features" manual :

    SEARCH : /STATISTICS qualifier now defines several DCL
    symbols with the statistics information.

    I haven't been able to check $HELP SEARCH on a 8.3 system...

    Jan-Erik.


  7. Re: SSH break-in attempts

    Jan-Erik Söderholm wrote:

    > SEARCH : /STATISTICS qualifier now defines several DCL
    > symbols with the statistics information.
    >
    > I haven't been able to check $HELP SEARCH on a 8.3 system...


    I have. And it is not mentioned. But a test reveals:

    $search /stat systartup_vms.com start
    $ show symbol/local *
    SEARCH$CHARACTERS_SEARCHED = "8857"
    SEARCH$FILES_SEARCHED = "1"
    SEARCH$LINES_PRINTED = "48"
    SEARCH$RECORDS_MATCHED = "48"
    SEARCH$RECORDS_SEARCHED = "316"

  8. Re: SSH break-in attempts

    "Bob Koehler" wrote in message news:FxQU2NFA7vzk@eisner.encompasserve.org...
    > In article , "Fred Zwarts" writes:
    >>
    >> DCL uses only the first four characters of verbs and qualifiers at
    >> maximum.
    >> Try HELP SEAR /STAT
    >>

    > Not quite true. While all verbs are unique at no more than four
    > characters, additional characters can be used to distinguish between
    > symbols and verbs.
    >
    > For example, there is no LOGOUTNOW command. But I've had
    > LO*GOUT == "@SYS$LOGIN:LOGOUT.COM"
    > for many years. LOGOUT.COM ends with LOGOUTNOW which DCL
    > recognises as not matching the symbol LO*GOUT. Then it finds that
    > it does match to four characters the verb LOGOUT.
    >
    > Similarly, because so many people set up DEL*ETE == "DELETE/CONFIRM"
    > (which returns a warning if you need delete/symbol), I often code
    > DELETEE in DCL scripts. As in DELETEE/SYMBOL DEL, which then
    > returns simple success.


    I was speaking about verbs and qualifiers, not about symbols.
    For symbols the 4 character limit is not used.
    Anyhow, instead of using LOGOUTNOW, you could also use LOGON,
    which will log you out. It demonstrates better that only four characters
    are used for verbs.

    Instead of changing verbs in scripts, the recommended method is to
    use SET SYMBOL /SCOPE=(NOLOCAL,NOGLOBAL).
    Of course it might be needed to work around the case that SET is
    defined as a symbol, but that is left as an exercise for the reader.

  9. Re: SSH break-in attempts

    -- snip --
    On Wed, 24 Sep 2008 14:57:13 -0700, Rich Jordan wrote:

    >> It seems to me that a useful feature would be a per-IP-address
    >> connection limit. I could easily live with no more than, say, 16 SSH
    >> connections from any particular IP address, and if an attacker hit that
    >> kind of limit, it would not interfere with connections coming from more
    >> legitimate sources.
    >>
    >> Anyone else think that this might be useful? (Or is it already in
    >> some new TCPIP version?)
    >>
    >> ------------------------------------------------------------------------
    >>
    >> Steven M. Schweda sms@antinode-info
    >> 382 South Warwick Street (+1) 651-699-9818
    >> Saint Paul MN 55105-2547

    > Just an FYI, from SANS last week
    > http://isc.sans.org/diary.html?storyid=5047


    is anyone using this list with TCPIP?


    --
    PL/I for OpenVMS
    www.kednos.com

  10. Re: SSH break-in attempts

    Out of curiosity, what versions of SSH are supported by VMS's various
    IP stacks? I hope everyone here knows that Version 1 should always
    be disabled.

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  11. Re: SSH break-in attempts

    On 25 sep, 17:20, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    > Out of curiosity, what versions of SSH are supported by VMS's various
    > IP stacks?  I hope everyone here knows that Version 1 should always
    > be disabled.
    >
    > bill
    >
    > --
    > Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
    > billg...@cs.scranton.edu |  and a sheep voting on what's for dinner.
    > University of Scranton   |
    > Scranton, Pennsylvania   |         #include


    OK, I'll admit my ignorance :-) I thought I had just one problem after
    upgrading to TCPIP V5.7,
    apparently I've got (at least) two...
    1) I can no longer use PuTTY in SSH mode after the upgrade
    2) how do I disable Version 1?
    Hans

  12. Re: SSH break-in attempts

    In article <147c1142-726e-4d89-9389-8f96394f0a17@s50g2000hsb.googlegroups.com>,
    H Vlems writes:
    > On 25 sep, 17:20, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    >> Out of curiosity, what versions of SSH are supported by VMS's various
    >> IP stacks? *I hope everyone here knows that Version 1 should always
    >> be disabled.
    >>

    > OK, I'll admit my ignorance :-) I thought I had just one problem after
    > upgrading to TCPIP V5.7,
    > apparently I've got (at least) two...
    > 1) I can no longer use PuTTY in SSH mode after the upgrade
    > 2) how do I disable Version 1?


    Asking the wrong person. I have never used SSH on VMS which is why I asked
    the question. What I do know is there are serious holes in SSH Version 1 and
    the fix is not patching SSH Version 1 it is abandoning it and only using
    SSH Version 2. Many systems (PUTTY included) support both and come with
    both enabled. If you have Version 1 enabled, even if you never use it,
    someone else might use it to attack your system.

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  13. Re: SSH break-in attempts

    In article <147c1142-726e-4d89-9389-8f96394f0a17@s50g2000hsb.googlegroups.com>, H Vlems writes:
    >On 25 sep, 17:20, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    >> Out of curiosity, what versions of SSH are supported by VMS's various
    >> IP stacks? =A0I hope everyone here knows that Version 1 should always
    >> be disabled.
    >>
    >> bill
    >>
    >> --
    >> Bill Gunshannon =A0 =A0 =A0 =A0 =A0| =A0de-moc-ra-cy (di mok' ra see) n. =

    >=A0Three wolves
    >> billg...@cs.scranton.edu | =A0and a sheep voting on what's for dinner.
    >> University of Scranton =A0 |
    >> Scranton, Pennsylvania =A0 | =A0 =A0 =A0 =A0 #include =

    >=A0
    >
    >OK, I'll admit my ignorance :-) I thought I had just one problem after
    >upgrading to TCPIP V5.7,
    >apparently I've got (at least) two...
    >1) I can no longer use PuTTY in SSH mode after the upgrade
    >2) how do I disable Version 1?
    >Hans


    Is it that stupid "Google Groups" interface? I'm getting nauseous reading
    through all of the quoted-pukeable vomit that's been 'emeted' here lately.
    Please get a NEWSREADER and configure it properly to output TEXT. Thanks!

    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    .... pejorative statements of opinion are entitled to constitutional protection
    no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

    Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
    of usenet _must_ include its contents in its entirety including this copyright
    notice, disclaimer and quotations.

  14. Re: SSH break-in attempts

    Peter Weaver wrote:

    > $! To control the purging of .LOG files edit SYS$SYSTEM:TCPIP$SSH_RUN.COM
    > $! I have modified SYS$SYSTEM:TCPIP$SSH_RUN.COM to keep any log created in
    > $! the past 14 days.


    Since the default is /Keep=5, this is very important if you want
    this procedure to work as intended. I just changed mine to /Keep=50

    Also, if you have had your system connected to the Internet for a
    while, you will find that the log files have topped out at version
    32767 and no new ones are being created. Time to delete them all
    and start over.

    Another thing to note when using this procedure (as I have learned
    in the last two days) is that the script kiddies will fire off five
    or ten simultaneous SSH threads. Thus, you will have five or ten
    log files with no records in them yet. Given that each one gives
    them three attempts to guess the password, you will get a lot of
    alarms before the rate limiting kicks in. But when those log files
    are closed/flushed, boy do they hit a brick wall! :-)

    I changed mine from a linear increase to an exponential increase
    (limited by integer DCL arithmetic):

    $ seconds = number_of_times * (number_of_times / 2)

    At first I left off the "/2", but decided that was a bit *too*
    aggressive. :-)

    All in all, I am very happy with this procedure!

    Now I just wish for a similar one for FTP.

    Thanks,
    Alan
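
The delay rule from the post above, evaluated with DCL's truncating integer division and replayed against bursts of simultaneous sessions, as an added example that is not part of the original thread. It assumes that number_of_times is the count of earlier connections from the same address found in already-closed log files, that the original linear rule was seconds = number_of_times, and that sessions opened together see none of each other's records; the function names are hypothetical.

```python
def delay_linear(n):
    """Assumed form of the original linear rule: one second per prior hit."""
    return n


def delay_frisbie(n):
    """$ seconds = number_of_times * (number_of_times / 2)

    DCL integer division truncates, so // models it for n >= 0.
    """
    return n * (n // 2)


def delay_squared(n):
    """The variant without the "/2" that the post calls too aggressive."""
    return n * n


def replay(waves, delay_fn, guesses_per_session=3):
    """Replay waves of simultaneous sessions from one address.

    waves: number of sessions opened together in each wave. Sessions in a
    wave only see records from earlier waves, because their own log files
    have not been closed/flushed yet (assumption stated in the lead-in).
    Returns (rows, free_guesses): rows is a list of (prior_hits, delay)
    per wave, free_guesses is how many password guesses saw no delay.
    """
    seen = 0
    free_guesses = 0
    rows = []
    for sessions in waves:
        delay = delay_fn(seen)
        if delay == 0:
            free_guesses += sessions * guesses_per_session
        rows.append((seen, delay))
        seen += sessions
    return rows, free_guesses


def schedule(delay_fn, upto=10):
    """Delay in seconds for 1..upto prior hits."""
    return [delay_fn(n) for n in range(1, upto + 1)]


if __name__ == "__main__":
    print("prior hits 1..10, n*(n/2):", schedule(delay_frisbie))
    for name, fn in [("linear", delay_linear),
                     ("n*(n/2)", delay_frisbie),
                     ("n*n", delay_squared)]:
        rows, free = replay([10, 10, 10], fn)
        print(f"{name:8s} waves of 10 -> {rows}, undelayed guesses: {free}")
    # One connection at a time: truncation makes the second one free too.
    print("n*(n/2), one at a time:", replay([1, 1, 1, 1], delay_frisbie))
```

With ten sessions per wave the first wave gets 30 undelayed guesses under every rule, and with one session at a time the truncation in n/2 leaves the second connection undelayed as well.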

  15. Re: SSH break-in attempts

    On Sep 25, 10:19 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    > In article <147c1142-726e-4d89-9389-8f96394f0...@s50g2000hsb.googlegroups..com>,
    >         H Vlems writes:
    >
    > > On 25 sep, 17:20, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    > >> Out of curiosity, what versions of SSH are supported by VMS's various
    > >> IP stacks?  I hope everyone here knows that Version 1 should always
    > >> be disabled.

    >
    > > OK, I'll admit my ignorance :-) I thought I had just one problem after
    > > upgrading to TCPIP V5.7,
    > > apparently I've got (at least) two...
    > > 1) I can no longer use PuTTY in SSH mode after the upgrade
    > > 2) how do I disable Version 1?

    >
    > Asking the wrong person.  I have never used SSH on VMS which is why I asked
    > the question.  What I do know is there are serious holes in SSH Version 1 and
    > the fix is not patching SSH Version 1 it is abandoning it and only using
    > SSH Version 2.  Many systems (PUTTY included) support both and come with
    > both enabled.  If you have Version 1 enabled, even if you never use it,
    > someone else might use it to attack your system.
    >
    > bill
    >
    > --
    > Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
    > billg...@cs.scranton.edu |  and a sheep voting on what's for dinner.
    > University of Scranton   |
    > Scranton, Pennsylvania   |         #include


    See Section 3.10.1 of TCPIP Release notes for V5.6
    CERT-2001-35 OpenVMS is not vulnerable. Affects SSH Version 1 only,
    which is not supported.
    Could not find any mention in the V5.4 Release notes

    Mike
    http://alpha.mike-r.com/

  16. Re: SSH break-in attempts

    On Sep 25, 1:27 am, Alan Frisbie
    wrote:
    > Jan-Erik Söderholm wrote:
    > > Alan Frisbie wrote:


    >
    > Also, has anyone come up with something similar to this
    > "tarpit" feature for FTP connections?  My day would be
    > complete if I could eliminate that group of script kiddies.
    >
    > Thanks,
    > Alan


    No tarpit, but why not just close FTP e.g.
    $tcpip show service ftp /full

    Service: FTP
    State: Enabled
    Port: 21 Protocol: TCP Address: 0.0.0.0
    Inactivity: 5 User_name: TCPIP$FTP Process: TCPIP$FTP
    Limit: 1 Active: 0 Peak: 1
    ....
    Security
    Reject msg: FTP access is closed. Use SFTP.

    Accept host: XXXX.co.il
    Accept netw: 10.0.0.0:255.0.0.

    Mike
    http://alpha.mike-r.com/

  17. Re: SSH break-in attempts

    In article ,
    Mike R writes:
    > On Sep 25, 10:19 pm, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    >> In article <147c1142-726e-4d89-9389-8f96394f0...@s50g2000hsb.googlegroups.com>,
    >>         H Vlems writes:
    >>
    >> > On 25 sep, 17:20, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    >> >> Out of curiosity, what versions of SSH are supported by VMS's various
    >> >> IP stacks?  I hope everyone here knows that Version 1 should always
    >> >> be disabled.

    >>
    >> > OK, I'll admit my ignorance :-) I thought I had just one problem after
    >> > upgrading to TCPIP V5.7,
    >> > apparently I've got (at least) two...
    >> > 1) I can no longer use PuTTY in SSH mode after the upgrade
    >> > 2) how do I disable Version 1?

    >>
    >> Asking the wrong person.  I have never used SSH on VMS which is why I asked
    >> the question.  What I do know is there are serious holes in SSH Version 1 and
    >> the fix is not patching SSH Version 1 it is abandoning it and only using
    >> SSH Version 2.  Many systems (PUTTY included) support both and come with
    >> both enabled.  If you have Version 1 enabled, even if you never use it,
    >> someone else might use it to attack your system.
    >>
    >> bill
    >>
    >> --
    >> Bill Gunshannon          |  de-moc-ra-cy (di mok' ra see) n.  Three wolves
    >> billg...@cs.scranton.edu |  and a sheep voting on what's for dinner.
    >> University of Scranton   |
    >> Scranton, Pennsylvania   |         #include

    > See Section 3.10.1 of TCPIP Release notes for V5.6
    > CERT-2001-35 OpenVMS is not vulnerable. Affects SSH Version 1 only,
    > which is not supported.
    > Could not find any mention in the V5.4 Release notes
    > Mike
    > http://alpha.mike-r.com/


    Thanks, that's good to know.

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  18. Re: SSH break-in attempts

    In article <00A802AF.F7912D00@sendspamhere.org>,
    VAXman- @SendSpamHere.ORG writes:
    > In article <147c1142-726e-4d89-9389-8f96394f0a17@s50g2000hsb.googlegroups.com>, H Vlems writes:
    >>On 25 sep, 17:20, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    >>> Out of curiosity, what versions of SSH are supported by VMS's various
    >>> IP stacks? =A0I hope everyone here knows that Version 1 should always
    >>> be disabled.
    >>>
    >>> bill
    >>>
    >>> --
    >>> Bill Gunshannon =A0 =A0 =A0 =A0 =A0| =A0de-moc-ra-cy (di mok' ra see) n. =

    >>=A0Three wolves
    >>> billg...@cs.scranton.edu | =A0and a sheep voting on what's for dinner.
    >>> University of Scranton =A0 |
    >>> Scranton, Pennsylvania =A0 | =A0 =A0 =A0 =A0 #include =

    >>=A0
    >>
    >>OK, I'll admit my ignorance :-) I thought I had just one problem after
    >>upgrading to TCPIP V5.7,
    >>apparently I've got (at least) two...
    >>1) I can no longer use PuTTY in SSH mode after the upgrade
    >>2) how do I disable Version 1?
    >>Hans

    >
    > Is it that stupid "Google Groups" interface? I'm getting nauseous reading
    > through all of the quoted-pukeable vomit that's been 'emeted' here lately.
    > Please get a NEWSREADER and configure it properly to output TEXT. Thanks!
    >


    It ain't me, something else must have butchered my posting. I use Knews
    on a BSD box and get/send my from thru news.individual.de. I wouldn't
    even consider Google Groups as a News service at all.

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    billg999@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  19. RE: SSH break-in attempts

    >...
    > Another thing to note when using this procedure (as I have learned
    > in the last two days) is that the script kiddies will fire off five
    > or ten simultaneous SSH threads. Thus, you will have five or ten
    > log files with no records in them yet. Given that each one gives
    > them three attempts to guess the password, you will get a lot of
    > alarms before the rate limiting kicks in. But when those log files
    > are closed/flushed, boy do they hit a brick wall! :-)


    My original goal was to tie the hacker's machine up waiting for the prompt
    rather than stopping them. I have logged over 63,000 break-in attempts but
    they only hit a valid username 165 times so I am not worried about one of
    these idiots getting in. When I first created this I was disappointed to see
    that the attackers give up so early in the attack. But if you want them to
    go away faster you can try adding a "SET OUTPUT_RATE=00:00:02" to the
    LOGIN.COM and see if that helps.

    >...
    > Now I just wish for a similar one for FTP.
    >...


    I very seldom see FTP attacks. POP attacks were more common when I had the
    POP port opened on the firewall, but I had to close that because of the huge
    security hole JF keeps mentioning but HP keeps ignoring. I use HG_FTP
    because it plays with Windows users better than HP's FTP so I don't know if a
    similar technique would work with HP's FTP.


    Peter Weaver
    www.weaverconsulting.ca www.openvmsvirtualization.com
    www.vaxvirtualization.com www.alphavirtualization.com
    Winner of the 2007 OpenVMS.org Readers' Choice Award for System
    Management/Performance


  20. Re: SSH break-in attempts

    In article <6k40k1F61advU2@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:
    >In article <00A802AF.F7912D00@sendspamhere.org>,
    > VAXman- @SendSpamHere.ORG writes:
    >> In article <147c1142-726e-4d89-9389-8f96394f0a17@s50g2000hsb.googlegroups.com>, H Vlems writes:
    >>>On 25 sep, 17:20, billg...@cs.uofs.edu (Bill Gunshannon) wrote:
    >>>> Out of curiosity, what versions of SSH are supported by VMS's various
    >>>> IP stacks? =A0I hope everyone here knows that Version 1 should always
    >>>> be disabled.
    >>>>
    >>>> bill
    >>>>
    >>>> --
    >>>> Bill Gunshannon =A0 =A0 =A0 =A0 =A0| =A0de-moc-ra-cy (di mok' ra see) n. =
    >>>=A0Three wolves
    >>>> billg...@cs.scranton.edu | =A0and a sheep voting on what's for dinner.
    >>>> University of Scranton =A0 |
    >>>> Scranton, Pennsylvania =A0 | =A0 =A0 =A0 =A0 #include =
    >>>=A0
    >>>
    >>>OK, I'll admit my ignorance :-) I thought I had just one problem after
    >>>upgrading to TCPIP V5.7,
    >>>apparently I've got (at least) two...
    >>>1) I can no longer use PuTTY in SSH mode after the upgrade
    >>>2) how do I disable Version 1?
    >>>Hans

    >>
    >> Is it that stupid "Google Groups" interface? I'm getting nauseous reading
    >> through all of the quoted-pukeable vomit that's been 'emeted' here lately.
    >> Please get a NEWSREADER and configure it properly to output TEXT. Thanks!
    >>

    >
    >It ain't me, something else must have butchered my posting. I use Knews
    >on a BSD box and get/send my from thru news.individual.de. I wouldn't
    >even consider Google Groups as a News service at all.


    I know. Your posts are fine. However, one of yours had been quoted and
    converted to quoted-pukeable.


    --
    VAXman- A Bored Certified VMS Kernel Mode Hacker VAXman(at)TMESIS(dot)COM

    .... pejorative statements of opinion are entitled to constitutional protection
    no matter how extreme, vituperous, or vigorously expressed they may be. (NJSC)

    Copr. 2008 Brian Schenkenberger. Publication of _this_ usenet article outside
    of usenet _must_ include its contents in its entirety including this copyright
    notice, disclaimer and quotations.
