- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- TCPIP services for OpenVMS Alpha V5.4 ECO 4
Operating System - OpenVMS
1753862
Members
7431
Online
108809
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2007 07:15 AM
тАО06-14-2007 07:15 AM
Why am I seeing '1471 embryonic connections dropped' just minutes after zeroing the TCP protocol counters.
I also noticed that $ sho user/full shows:
Username Process Name PID Terminal
OpenVMS User Processes at 14-JUN-2007
Total number of users = 86, number of processes = 151
Username Process Name PID Terminal
_TNA585: 0013D4CD TNA585:
(Host: d-d2s1n41.wst.corproot.com Port: 1049)
_TNA586: 001664D0 TNA586:
(Host: d-lkvgw1z.wst.corproot.com Port: 2609)
_TNA587: 001604D1 TNA587:
(Host: d-lkkzk77.wst.corproot.com Port: 2850)
_TNA588: 0006D4D2 TNA588:
(Host: d-bkst641.wst.corproot.com Port: 3790)
_TNA589: 001204D3 TNA589:
(Host: d-lkvdy4x.wst.corproot.com Port: 3477)
_TNA590: 001964D4 TNA590:
(Host: d-lkvdy4x.wst.corproot.com Port: 3478)
_TNA591: 001744D6 TNA591:
(Host: d-l3a6677.wst.corproot.com Port: 4952)
_TNA592: 0013B4D9 TNA592:
(Host: d-lkkzk13.wst.corproot.com Port: 3045)
_TNA593: 000CF4DF TNA593:
(Host: d-lkvgp6r.wst.corproot.com Port: 4640)
_TNA594: 001794E0 TNA594:
(Host: d-lkvdt5f.wst.corproot.com Port: 4511)
_TNA595: 000864E1 TNA595:
(Host: d-lkkzh40.wst.corproot.com Port: 1983)
_TNA596: 000A04E2 TNA596:
(Host: d-lkvdz7l.wst.corproot.com Port: 2377)
_TNA597: 0006F4E3 TNA597:
(Host: d-lkvgt2g.wst.corproot.com Port: 4668)
_TNA598: 000A44E5 TNA598:
(Host: l-l3bx843.wst.corproot.com Port: 2231)
_TNA599: 001674E6 TNA599:
(Host: d-l3a6676.wst.corproot.com Port: 3783)
_TNA600: 001964E8 TNA600:
(Host: d-lkvdt5f.wst.corproot.com Port: 4512)
_TNA601: 001844E9 TNA601:
(Host: d-lkvgt1w.wst.corproot.com Port: 1299)
_TNA602: 001354EA TNA602:
(Host: d-klbhac9.wst.corproot.com Port: 2463)
_TNA603: 0004B4EB TNA603:
(Host: d-lkvgr7w.wst.corproot.com Port: 2082)
_TNA604: 000594EC TNA604:
(Host: d-lkvgr0g.wst.corproot.com Port: 2319)
ACHAMBLISS BATCH_1617 001260BA (Batch)
ACHASE ACHASE 000EF37E TNA2049:
noticed that d-lkvdy4x.wst.corproot.com as well as others have two loginout processes at consecutive port nombers.
When checking the accounting records for them they are several logfails per workstation.
I also noticed that $ sho user/full shows:
Username Process Name PID Terminal
OpenVMS User Processes at 14-JUN-2007
Total number of users = 86, number of processes = 151
Username Process Name PID Terminal
(Host: d-d2s1n41.wst.corproot.com Port: 1049)
(Host: d-lkvgw1z.wst.corproot.com Port: 2609)
(Host: d-lkkzk77.wst.corproot.com Port: 2850)
(Host: d-bkst641.wst.corproot.com Port: 3790)
(Host: d-lkvdy4x.wst.corproot.com Port: 3477)
(Host: d-lkvdy4x.wst.corproot.com Port: 3478)
(Host: d-l3a6677.wst.corproot.com Port: 4952)
(Host: d-lkkzk13.wst.corproot.com Port: 3045)
(Host: d-lkvgp6r.wst.corproot.com Port: 4640)
(Host: d-lkvdt5f.wst.corproot.com Port: 4511)
(Host: d-lkkzh40.wst.corproot.com Port: 1983)
(Host: d-lkvdz7l.wst.corproot.com Port: 2377)
(Host: d-lkvgt2g.wst.corproot.com Port: 4668)
(Host: l-l3bx843.wst.corproot.com Port: 2231)
(Host: d-l3a6676.wst.corproot.com Port: 3783)
(Host: d-lkvdt5f.wst.corproot.com Port: 4512)
(Host: d-lkvgt1w.wst.corproot.com Port: 1299)
(Host: d-klbhac9.wst.corproot.com Port: 2463)
(Host: d-lkvgr7w.wst.corproot.com Port: 2082)
(Host: d-lkvgr0g.wst.corproot.com Port: 2319)
ACHAMBLISS BATCH_1617 001260BA (Batch)
ACHASE ACHASE 000EF37E TNA2049:
noticed that d-lkvdy4x.wst.corproot.com as well as others have two loginout processes at consecutive port nombers.
When checking the accounting records for them they are several logfails per workstation.
Solved! Go to Solution.
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2007 09:01 AM
тАО06-14-2007 09:01 AM
Re: TCPIP services for OpenVMS Alpha V5.4 ECO 4
hi Gerald,
looks like you have external attempts attempting to get into your
system and failing. accounting can show
the time interval of the attempts. I
had that about a month ago. turns out
someone had a embedded username/pwd
in a procedure and the pwd had changed.
how this helps -Dean
looks like you have external attempts attempting to get into your
system and failing. accounting can show
the time interval of the attempts. I
had that about a month ago. turns out
someone had a embedded username/pwd
in a procedure and the pwd had changed.
how this helps -Dean
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-14-2007 11:33 AM
тАО06-14-2007 11:33 AM
Re: TCPIP services for OpenVMS Alpha V5.4 ECO 4
All you did was zero the counters?
See if you can determine what is on the other end of the connection, if you can catch one.
If the server is connected to the open internet or an intermediate firewall is passing telnet, this sort of thing is entirely normal -- telnet and ssh attacks are commonplace. If these are your hosts and are inside a network, various bots can be active in furtherance of a beachhead.
Also take a look at the software running on the clients, as there were packages around (PATHWORKS32 client?) that triggered logfails due to the way they operated. This was eons ago, and I'm fuzzy on the details.
There can also be SYN attacks which have looked like this embryonic error, and there have been cases where routers have been stomping on or have regurgitated stale sequence numbers.
See if you can determine what is on the other end of the connection, if you can catch one.
If the server is connected to the open internet or an intermediate firewall is passing telnet, this sort of thing is entirely normal -- telnet and ssh attacks are commonplace. If these are your hosts and are inside a network, various bots can be active in furtherance of a beachhead.
Also take a look at the software running on the clients, as there were packages around (PATHWORKS32 client?) that triggered logfails due to the way they operated. This was eons ago, and I'm fuzzy on the details.
There can also be SYN attacks which have looked like this embryonic error, and there have been cases where routers have been stomping on or have regurgitated stale sequence numbers.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-21-2007 03:26 AM
тАО06-21-2007 03:26 AM
Re: TCPIP services for OpenVMS Alpha V5.4 ECO 4
All the login attempts are from within the firewall and after looking into the applications running on the remote hosts I learned that there are arount 150 PC users using 'Passport 2004 Web to Host' by Zephyr to connect to this server. I tested the application from my PC and observer it's behavior and discovered it would be persistent in reconnecting to our OpenVMS server after timing out at the 'Username:' prompt. I presume the Passport 2004 application has this feature built into it. I do not know how to disable it but will be doing some research I'm sure, unless anyone has encountered this and has found a 'fix'.
Thank you for the responses.
Thank you for the responses.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-21-2007 03:45 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-22-2007 06:19 AM
тАО06-22-2007 06:19 AM
Re: TCPIP services for OpenVMS Alpha V5.4 ECO 4
Yes, it is a terminal emulator running as a web service on two two servers within our intranet. There is a setting in the Session Profile (in the Passport 2004)for 'Auto Reconnect'. It was enabled and was easily disabled. No more reconnect attempts now! Thanks for the help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО06-27-2007 03:26 AM
тАО06-27-2007 03:26 AM
Re: TCPIP services for OpenVMS Alpha V5.4 ECO 4
Problem has been solved by disabling the 'Auto Reconnect' option within the 'Session Manager' tab of the Passport 2004 Web-to-Host application running on two servers.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP