- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: All telnet sessions tagged as intruder
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2009 09:18 AM
тАО05-29-2009 09:18 AM
CYRUS> sho intru
Intrusion Type Count Expiration Source
--------- ---- ----- ---------- ------
NETWORK SUSPECT 32 29-MAY-2009 12:31:05.20 TELNET::
I'm expecting something more like this:
Intrusion Type Count Expiration Source
--------- ---- ----- ---------- ------
NETWORK SUSPECT 5 29-MAY-2009 12:36:44.78 TELNET::7F000001
I'm just looking to see if anybody else has run across this particular behavior before opening support tickets. I'm reviewing all of my Multinet information to see if the problem is on that portion. Just to keep people working, I've reduced the LGI_HID_TIM parameter to zero so nobody gets locked out, but I of course don't want to leave that setting as-is for too long even on this non-internet facing system.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2009 10:48 AM
тАО05-29-2009 10:48 AM
Re: All telnet sessions tagged as intruder
1: Has this ever worked?
2: If the first answer is yes, what have you changed lately?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2009 10:53 AM
тАО05-29-2009 10:53 AM
Re: All telnet sessions tagged as intruder
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2009 11:18 AM
тАО05-29-2009 11:18 AM
Solutionhttp://www.multinet.process.com/scripts/eco/eco_tlb.com?MASTER_SERVER-053_A052
Has a fix for something that looks very similar to this reported case.
"- Handle mapped IPv4 addresses correctly when doing accounting so that VMS intrusion handling continues to work as it did in prior versions of MultiNet. Note that this does not address the issue for IPv6 addresses that are not IPv4 mapped addresses; support for that will require a MultiNet Kernel patch. (DE 10517 ECO MASTER_SERVER-020_A052 ECO Rank 3."
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2009 11:38 AM
тАО05-29-2009 11:38 AM
Re: All telnet sessions tagged as intruder
If you are up to date on the patches, then try changing the socket-family for telnet to AF_INET:
$ multinet configure/server
SERVER-CONFIG>select telnet
SERVER-CONFIG>set socket-family AF_INET
SERVER-CONFIG>write
SERVER-CONFIG>exit
$ @multinet:start_Server restart
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2009 11:42 AM
тАО05-29-2009 11:42 AM
Re: All telnet sessions tagged as intruder
I have a system that's still in staging so I can tweak it at will. I'll post an update after applying the patch to that system and testing (along with the other 15 things going on today)!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО05-29-2009 11:50 AM
тАО05-29-2009 11:50 AM
Re: All telnet sessions tagged as intruder
Thanks for the 2nd set of eyes. I REALLY suspected it was a behavior change in Multinet but just hadn't tracked it down yet. You saved me some time.
Thanks to everybody for the input!