HP3000-L Archives

December 2004, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Empireclassic Network Errors
From:
James Hofmeister <[log in to unmask]>
Reply To:
James Hofmeister <[log in to unmask]>
Date:
Sat, 11 Dec 2004 00:38:55 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (391 lines) 
Hello Tracy,

> Also on the side, my boss hired a port scanner at (qualys) at
> 167.216.252.* to hit our network this week and he didn't tell me ahead of
> time.  So at or near 5PM the Empire machine saw weird things.  (The
> scanner was apparently told to work after 5PM to not interfere with
> business.)  The scanner was requested to stop, but he reappeared again
> today.  Probably word didn't get passed downward.

I would give credit for the error messages seen on your 3000 to the port
scanner.  We have fixed a few uglies found in the past associated with tools
that scan the system for security holes.  Make sure you have the GR network
patches, especially NST@, NSS@, INT@, PTD@ installed before the next scan.

Regards,

James Hofmeister
Email: <first>.<last>@hp.com
Hewlett Packard - Global Solutions Engineering (WTEC)
P.S. My Ideals are my own, not necessarily my employers.



----- Original Message -----
From: "Tracy Johnson" <[log in to unmask]>
To: "James Hofmeister" <[log in to unmask]>
Cc: <[log in to unmask]>
Sent: Friday, December 10, 2004 11:56 PM
Subject: Re: Empireclassic Network Errors


> We added a second segment to the internal network a few weeks back because
> our DHCP became too big.  x.x.a.x  so  x.x.b.x was added.
>
> Our machine sits on x.x.a.x
>
> Our routers (not my responsibility) had a static route saying stuff on
> x.x.b.x should go to x.x.a.x (our default gateway half.)
>
> Today our network gurus reconfigured the routers to use a subnet mask so
> now it has a 255.255.254.0 mask.
>
> Beechglen agreed and our gateway halves were also reconfigured and we
> bounced the network on our machines (including Empireclassic.)
>
> Waiting to see results of stabilization.
>
> Also on the side, my boss hired a port scanner at (qualys) at
> 167.216.252.* to hit our network this week and he didn't tell me ahead of
> time.  So at or near 5PM the Empire machine saw weird things.  (The
> scanner was apparently told to work after 5PM to not interfere with
> business.)  The scanner was requested to stop, but he reappeared again
> today.  Probably word didn't get passed downward.
>
> James Hofmeister wrote:
>> Hello Tracy,
>>
>> Sorry, I didn't have time to investigate earlier, I am spending 110% of
>> my time swimming with alligators in the telnet pools.
>>
>> If I saw this problem, I would tend to want to start investigating this
>> problem by first looking at TCP resources, but my gut feel with the broad
>> range of service level errors you are seeing is 1) Serious link problems
>> with corruption above the TCP level or 2) An attempted denial of service
>> attack.
>>
>> Check resources:
>>
>> nettool.net.sys;info="res;di;quit"
>> nettool.net.sys;info="status;tcpstat;tcpg @;quit"
>>
>> Check code/patches:
>>
>> :nmmaint,3
>> :nmmaint,6
>> :nmmaint,72
>> :nmmaint,73
>>
>> Errors:
>>
>>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>>> length.
>>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>>> - VT error        : 6; VTS MESSAGE HAS INVALID FORMAT
>>
>>
>> First, this leads me to believe we are seeing packet corruption above the
>> TCP level.  Recommended action is to first enable TCP Checksum in NMMGR!
>>
>> NETXPORT.GPROT.TCP
>> ... [Y]       Checksum Enabled (Y For Yes, N For No)
>>
>> A second possible cause of the above error message is a coding/protocol
>> error in a inbound connection from a "Virtual Terminal" Client software
>> ~or~ an attempt by a non-VT compliant Client attempting an inbound
>> connection to the VT ports.
>>
>> Well-Known TCP SAPs
>> Service              Octal  Hex    Decimal   Listener Process
>> -----------------    ------ ------ -------   --------------------------
>> VT                   3001   601    1537      DSDAD {ns services}
>> VTA                  3042   622    1570      DSDAD {ns services}
>>
>>
>> More errors:
>>
>>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>
>>
>> These errors are coming out of INETD and in the past have been associated
>> with connection attempts which are disconnected/dropped prior to full
>> connection establishment.
>>
>> This all together leads me to possibility 3) Intentional port scanning by
>> a service monitoring tool or a network security evaluation tool.
>>
>> If this system is internet accessible and your own people are not running
>> some kind of a port scanning test, I would suspect the likely cause is 2)
>> An attempted denial of service attack.
>>
>> Regards,
>>
>> James Hofmeister
>> Email: <first>.<last>@hp.com
>> Hewlett Packard - Global Solutions Engineering (WTEC)
>> P.S. My Ideals are my own, not necessarily my employers.
>>
>>
>>
>> ----- Original Message ----- From: "Tracy Johnson" <[log in to unmask]>
>> To: <[log in to unmask]>
>> Sent: Wednesday, December 08, 2004 5:32 PM
>> Subject: [HP3000-L] Empireclassic Network Errors
>>
>>
>>> I have several console network errors.  The "offending" address
>>> I believe is in my INETDSEC "deny" list.  The others, I'm
>>> looking for a clarification:
>>>
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 64; Info: 0
>>> - Error: 12; Error Reported by VT
>>> - VT error        : 42; REMOTE NOT RESPONDING, CONNECTION CLOSED
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> ** NETIPC Internal error: Failed to allocate an address (661)
>>> 15:54/#J661/26/Could not initialize data in path with TCP
>>>
>>>
>>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>> ** NS/3000 NetIPC ERROR IN VT; Job: 0; PIN: 97; Info: 1
>>> - Error: 42;
>>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>> 15:55/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>>> 15:55/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 98; Info: 27648
>>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>>> length.
>>> - Miscellaneous   : 12020
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 98; Info: 0
>>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 93; Info: 14408
>>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>>> length.
>>> - Miscellaneous   : 12020
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 93; Info: 0
>>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>>> - Error: 12; Error Reported by VT
>>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 0
>>> - Error: 12; Error Reported by VT
>>> - VT error        : 6; VTS MESSAGE HAS INVALID FORMAT
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>>> - Error: 12; Error Reported by VT
>>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 1
>>> - Error: 6; Port AFT Entry could not be obtained
>>> - Environment err : 0
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 63; Info: 29556
>>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>>> length.
>>> - Miscellaneous   : 12020
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 63; Info: 0
>>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>>
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>>
>>> 15:55/#J661/26/Could not initialize data in path with TCP
>>>
>>>
>>> 15:56/#J1645/78/LOGON FOR: "BATCHJOB,MGR.EMPIREBL,PUB" ON LDEV #10.
>>> #J661/26/Could not initialize data in path with TCP
>>> 15:56/#J661/26/Could not initialize data in path with TCP
>>>
>>> 15:56/#J661/26/Could not initialize data in path with TCP
>>>
>>> 15:56/#J1645/78/LOGOFF ON LDEV #10.
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>>> - Error: 12; Error Reported by VT
>>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 0
>>> - Error: 12; Error Reported by VT
>>> - VT error        : 6; VTS MESSAGE HAS INVALID FORMAT
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 0
>>> - Error: 12; Error Reported by VT
>>> - VT error        : 7; UNEXPECTED/BAD RESPONSE FROM VT
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 79; Info: 1
>>> - Error: 6; Port AFT Entry could not be obtained
>>> - Environment err : 0
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 85; Info: 12300
>>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>>> length.
>>> - Miscellaneous   : 12020
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 85; Info: 0
>>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>>> ** NS/3000 NetIPC ERROR IN VT; Job: 0; PIN: 81; Info: 1
>>> - Error: 42;
>>> 15:57/#J1640/65/LOGON FOR: "BATCHJOB,MGR.EMPIRE1,PUB" ON LDEV #10.
>>> 15:57/#J1640/87/SCHEDULED JOB INTRODUCED ON LDEV #10.
>>> 15:57/#J1640/65/LOGOFF ON LDEV #10.
>>> ** NS/3000 NetIPC ERROR IN VT; Job: 0; PIN: 89; Info: 1
>>> - Error: 42;
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 90; Info: 18245
>>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>>> length.
>>> - Miscellaneous   : 12020
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 90; Info: 0
>>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 78; Info: 26980
>>> - Error: 34; VTS protocol violation; received VTS msg exceeds maximum
>>> length.
>>> - Miscellaneous   : 12020
>>> ** NS/3000 INTERNAL ERROR IN VT; Job: 0; PIN: 78; Info: 0
>>> - Error: 23; Offending IP address in Info(msb) and Qualifier(lsb)
>>> 15:58/95/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #5. (js 131)
>>> 15:58/95/CAN'T CLEANUP SOCKET ON LDEV #5. (js 89)
>>> 15:58/81/CAN'T FOPEN $STDLIST IN 'STARTLOGON' ON LDEV #11. (js 131)
>>> 15:58/81/CAN'T CLEANUP SOCKET ON LDEV #11. (js 89)
>>> 16:06/#J1647/50/LOGON FOR: "BATCHJOB,MGR.EMPIREBL,PUB" ON LDEV #10.
>>> 16:06/#J1647/102/SCHEDULED JOB INTRODUCED ON LDEV #10.
>>> 16:06/#J1647/50/LOGOFF ON LDEV #10.
>>>
>>> --
>>> BT
>>> NNNN
>>>
>>>
>>>
>>> Tracy Johnson
>>> Justin Thyme Productions
>>> http://hp3000.empireclassic.com/
>>>
>>> * To join/leave the list, search archives, change list settings, *
>>> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>>>
>>
>>
>>
>
>
> --
> BT
> NNNN
>
>
>
> Tracy Johnson
> Justin Thyme Productions
> http://hp3000.empireclassic.com/
>
>

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2