HP3000-L Archives

December 2004, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Empireclassic Network Errors
From:
Tracy Johnson <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Fri, 10 Dec 2004 23:56:27 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (358 lines) 
We added a second segment to the internal network a few weeks back because our
DHCP became too big.  x.x.a.x  so  x.x.b.x was added.

Our machine sits on x.x.a.x

Our routers (not my responsibility) had a static route saying stuff on x.x.b.x
should go to x.x.a.x (our default gateway half.)

Today our network gurus reconfigured the routers to use a subnet mask so now it
has a 255.255.254.0 mask.

Beechglen agreed and our gateway halves were also reconfigured and we bounced the
network on our machines (including Empireclassic.)

Waiting to see results of stabilization.

Also on the side, my boss hired a port scanner at (qualys) at 167.216.252.* to
hit our network this week and he didn't tell me ahead of time.  So at or near 5PM
the Empire machine saw weird things.  (The scanner was apparently told to work
after 5PM to not interfere with business.)  The scanner was requested to stop,
but he reappeared again today.  Probably word didn't get passed downward.

James Hofmeister wrote:
> Hello Tracy,
>
> Sorry, I didn't have time to investigate earlier, I am spending 110% of
> my time swimming with alligators in the telnet pools.
>
> If I saw this problem, I would tend to want to start investigating this
> problem by first looking at TCP resources, but my gut feel with the
> broad range of service level errors you are seeing is 1) Serious link
> problems with corruption above the TCP level or 2) An attempted denial
> of service attack.
>
> Check resources:
>
> nettool.net.sys;info="res;di;quit"
> nettool.net.sys;info="status;tcpstat;tcpg @;quit"
>
> Check code/patches:
>
> :nmmaint,3
> :nmmaint,6
> :nmmaint,72
> :nmmaint,73
>
> Errors:
>
>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>> length.
>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>> - VT error        : 6; VTS MESSAGE HAS INVALID FORMAT
>
>
> First, this leads me to believe we are seeing packet corruption above
> the TCP level.  Recommended action is to first enable TCP Checksum in
> NMMGR!
>
> NETXPORT.GPROT.TCP
> ... [Y]       Checksum Enabled (Y For Yes, N For No)
>
> A second possible cause of the above error message is a coding/protocol
> error in a inbound connection from a "Virtual Terminal" Client software
> ~or~ an attempt by a non-VT compliant Client attempting an inbound
> connection to the VT ports.
>
> Well-Known TCP SAPs
> Service              Octal  Hex    Decimal   Listener Process
> -----------------    ------ ------ -------   --------------------------
> VT                   3001   601    1537      DSDAD {ns services}
> VTA                  3042   622    1570      DSDAD {ns services}
>
>
> More errors:
>
>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>> 15:55/#J661/26/Could not initialize data in path with TCP
>
>
> These errors are coming out of INETD and in the past have been
> associated with connection attempts which are disconnected/dropped prior
> to full connection establishment.
>
> This all together leads me to possibility 3) Intentional port scanning
> by a service monitoring tool or a network security evaluation tool.
>
> If this system is internet accessible and your own people are not
> running some kind of a port scanning test, I would suspect the likely
> cause is 2) An attempted denial of service attack.
>
> Regards,
>
> James Hofmeister
> Email: <first>.<last>@hp.com
> Hewlett Packard - Global Solutions Engineering (WTEC)
> P.S. My Ideals are my own, not necessarily my employers.
>
>
>
> ----- Original Message ----- From: "Tracy Johnson" <[log in to unmask]>
> To: <[log in to unmask]>
> Sent: Wednesday, December 08, 2004 5:32 PM
> Subject: [HP3000-L] Empireclassic Network Errors
>
>
>> I have several console network errors.  The "offending" address
>> I believe is in my INETDSEC "deny" list.  The others, I'm
>> looking for a clarification:
>>
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 64; Info: 0
>> - Error: 12; Error Reported by VT
>> - VT error        : 42; REMOTE NOT RESPONDING, CONNECTION CLOSED
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> ** NETIPC Internal error: Failed to allocate an address (661)
>> 15:54/#J661/26/Could not initialize data in path with TCP
>>
>>
>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>> ** NS/3000 NetIPC ERROR IN VT; Job: 0; PIN: 97; Info: 1
>> - Error: 42;
>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 98; Info: 27648
>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>> length.
>> - Miscellaneous   : 12020
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 98; Info: 0
>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 93; Info: 14408
>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>> length.
>> - Miscellaneous   : 12020
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 93; Info: 0
>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>> - Error: 12; Error Reported by VT
>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 0
>> - Error: 12; Error Reported by VT
>> - VT error        : 6; VTS MESSAGE HAS INVALID FORMAT
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>> - Error: 12; Error Reported by VT
>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 1
>> - Error: 6; Port AFT Entry could not be obtained
>> - Environment err : 0
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 63; Info: 29556
>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>> length.
>> - Miscellaneous   : 12020
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 63; Info: 0
>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>>
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>>
>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>>
>> 15:56/#J1645/78/LOGON FOR: "BATCHJOB,MGR.EMPIREBL,PUB" ON LDEV #10.
>> #J661/26/Could not initialize data in path with TCP
>> 15:56/#J661/26/Could not initialize data in path with TCP
>>
>> 15:56/#J661/26/Could not initialize data in path with TCP
>>
>> 15:56/#J1645/78/LOGOFF ON LDEV #10.
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>> - Error: 12; Error Reported by VT
>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 0
>> - Error: 12; Error Reported by VT
>> - VT error        : 6; VTS MESSAGE HAS INVALID FORMAT
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>> - Error: 12; Error Reported by VT
>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 1
>> - Error: 6; Port AFT Entry could not be obtained
>> - Environment err : 0
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 85; Info: 12300
>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>> length.
>> - Miscellaneous   : 12020
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 85; Info: 0
>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>> ** NS/3000 NetIPC ERROR IN VT; Job: 0; PIN: 81; Info: 1
>> - Error: 42;
>> 15:57/#J1640/65/LOGON FOR: "BATCHJOB,MGR.EMPIRE1,PUB" ON LDEV #10.
>> 15:57/#J1640/87/SCHEDULED JOB INTRODUCED ON LDEV #10.
>> 15:57/#J1640/65/LOGOFF ON LDEV #10.
>> ** NS/3000 NetIPC ERROR IN VT; Job: 0; PIN: 89; Info: 1
>> - Error: 42;
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 90; Info: 18245
>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>> length.
>> - Miscellaneous   : 12020
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 90; Info: 0
>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 78; Info: 26980
>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>> length.
>> - Miscellaneous   : 12020
>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 78; Info: 0
>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>> 15:58/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>> 15:58/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>> 15:58/81/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #11. (js 131)
>> 15:58/81/CAN'T CLEANUP SOCKET ON LDEV #11. (js 89)
>> 16:06/#J1647/50/LOGON FOR: "BATCHJOB,MGR.EMPIREBL,PUB" ON LDEV #10.
>> 16:06/#J1647/102/SCHEDULED JOB INTRODUCED ON LDEV #10.
>> 16:06/#J1647/50/LOGOFF ON LDEV #10.
>>
>> --
>> BT
>> NNNN
>>
>>
>>
>> Tracy Johnson
>> Justin Thyme Productions
>> http://hp3000.empireclassic.com/
>>
>> * To join/leave the list, search archives, change list settings, *
>> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>>
>
>
>


--
BT
NNNN



Tracy Johnson
Justin Thyme Productions
http://hp3000.empireclassic.com/

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2