[HECnet] NETMAPPER login attempts?
Zane Healy
healyzh at avanthar.com
Fri Aug 21 20:20:00 PDT 2020
I figured that it was related, though I’m not sure you’re actually getting any info out of my nodes.
%%%%%%%%%%% OPCOM 21-AUG-2020 21:47:09.28 %%%%%%%%%%% (from node LNGTOM at 21-AUG-2020 22:42:30.55)
Message from user AUDIT$SERVER on LNGTOM
Security alarm (SECURITY) and security audit (SECURITY) on LNGTOM, system id: 62101
Auditable event: Network login failure
Event time: 21-AUG-2020 22:42:30.55
PID: 2060021B
Process name: NML_8195
Username: NML$SERVER
Remote nodename: 28NH
Remote node id: 42012 (41.28)
Remote username: NETMAPPER
Status: %LOGIN-F-INVPWD, invalid password
On a mildly related note, I now have a plugin for Nagios that will let me monitor the availability of systems that only run DECnet. I’ll probably try to put together one for LAT in the near future. While I was working on it last night, it correctly alerted me to HAM being down.
Zane
> On Aug 21, 2020, at 6:04 PM, Paul Koning <paulkoning at comcast.net> wrote:
>
> Yes, that's the mapper, you can see it here: http://akdesign.dyndns.org:8080/map <http://akdesign.dyndns.org:8080/map>
>
> It sends NICE requests -- network management queries equivalent to these NCP commands:
>
> 1. show executor characteristics
> 2. show known circuits status
> 3. show active nodes status
>
> You will see this once a day, plus if there is a topology change reported to 28NH that involves your node.
>
> paul
>
>> On Aug 21, 2020, at 7:35 PM, Zane Healy <healyzh at avanthar.com <mailto:healyzh at avanthar.com>> wrote:
>>
>> Paul,
>> I’m pretty sure this is you. It’s coming from 28nh (41.28). What is it expecting? I seem to remember a discussion on this, but can’t find it in my archives.
>>
>> Thanks,
>> Zane
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sonic.net/pipermail/hecnet-list/attachments/20200821/3a08500d/attachment.html>
More information about the Hecnet-list
mailing list