[HECnet] Where is this login attempt coming from?

Sampsa Laine sampsa at mac.com
Sat Nov 30 14:27:43 PST 2013


On 30 Nov 2013, at 22:25, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:

Sampsa Laine <sampsa at mac.com> writes:


On 30 Nov 2013, at 22:07, "Brian Schenkenberger, VAXman-" <system at TMESIS.COM> wrote:

Sampsa Laine <sampsa at mac.com> writes:

Just saw this on LABVAX:

%%%%%%%%%%%   OPCOM   30-NOV-2013 21:28:47.27   %%%%%%%%%%%
Message from user AUDIT$SERVER on LABVAX
Security alarm (SECURITY) and security audit (SECURITY) on LABVAX, system id: 48683
Auditable event:          Local interactive login failure
Event time:               30-NOV-2013 21:28:47.21
PID:                      22E00220
Process name:             _NTY215:
Username:                 <login>
Process owner:            [SYSTEM]
Terminal name:            _NTY215:, 122.138.48.116.static.netvigator.com
Image name:               $77$DUA0:[SYS10.SYSCOMMON.][SYSEXE]LOGINOUT.EXE
Status:                   %LOGIN-F-CMDINPUT, error reading command input

Confused as it doesn't look like a telnet logon, I thought telnet terminal IDs were TN-something?

sampsa	<sampsa at mac.com>
mobile +44 7961 149465

Multinet installed???

Yup lol. I'm an idiot. Actually why is a Telnet login marked as LOCAL when it's marked REMOTE by UCX/TCP/IP Services?

Sampsa

I do believe there's a Multinet Server parameter to change that.   Personally,
I believe it SHOULD be remote.   It's one way I keep accounts safe; access to
accounts on my system to not maintain REMOTE or DIALUP.


Ok thanks - I was noticing this in my ArcSight monitoring box, DECNET connections were marked as network / remote but tcp/ip were local. Need to change that param at some point..

sampsa
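
A normalisation step for the monitoring side, as an added example that is not part of the original thread: it parses an alarm like the one quoted above and flags events labelled "Local" whose Terminal name field also carries a peer host. The function names `parse_alarm` and `classify` are hypothetical, and treating the text after the comma as the remote origin is an assumption based on the quoted alarm.

```python
import re

# The alarm quoted in the thread, with the mail-encoding debris removed.
SAMPLE_ALARM = """\
Auditable event:          Local interactive login failure
Event time:               30-NOV-2013 21:28:47.21
Process name:             _NTY215:
Username:                 <login>
Terminal name:            _NTY215:, 122.138.48.116.static.netvigator.com
Status:                   %LOGIN-F-CMDINPUT, error reading command input
"""

# Constructed sample: a login failure with no peer host in the terminal field.
CONSOLE_ALARM = """\
Auditable event:          Local interactive login failure
Terminal name:            _OPA0:
"""

# "Field name:   value" lines; the key ends at the first colon followed by whitespace.
FIELD = re.compile(r"^([A-Za-z][A-Za-z ]*?):\s+(.*\S)\s*$")


def parse_alarm(text):
    """Return the alarm's fields as a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def classify(fields):
    """Compare the event's own label with what the terminal field implies."""
    event = fields.get("Auditable event", "")
    labelled = event.split()[0].lower() if event else "unknown"
    # Assumption: anything after the comma is the peer host of a network login.
    device, _, origin = fields.get("Terminal name", "").partition(",")
    origin = origin.strip()
    effective = "remote" if origin else labelled
    return {"device": device.strip(), "origin": origin or None,
            "labelled": labelled, "effective": effective,
            "mismatch": effective != labelled}


if __name__ == "__main__":
    for alarm in (SAMPLE_ALARM, CONSOLE_ALARM):
        print(classify(parse_alarm(alarm)))
```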


