Re: (ASCEND) This is new. What is it?

To: Darkshot <darkshot@chudys.com>, ascend-users@bungi.com
Subject: Re: (ASCEND) This is new. What is it?
From: James Fischer <jfischer@supercollider.com>
Date: Tue, 20 Oct 1998 12:12:29 +0000
Sender: owner-ascend-users@max.bungi.com

        Darkshot said:

>I just found this in my syslog. What does it mean? Anyone?

        My jaw drops in shock.  Ascend seems to have at last
        realized that they needed to be more "Cisco like" in 
        their handling of security issues.  Which release is 
        this?  This is exactly the sort of thing that I have
        been asking about for over a year.
        
>Oct 19 19:45:41 h3ascend TELNET-1 TERMINATE  s=205.216.33.15,2892
>d=208.133.52.6,23

        Someone at 205.216.33.15 ended a telnet session
        to "h3ascend" at 208.133.53.6.

>Oct 19 19:48:44 h2ascend TELNET-1 TERMINATE  s=205.216.33.15,2893
>d=208.133.52.5,23

        Someone at 205.216.33.15 ended a telnet session
        to "h2ascend" at 208.133.52.5.

>Oct 19 19:50:58 ascend TELNET-14 TERMINATE  s=205.216.33.15,2894
>d=206.240.43.4,23

        Someone at 205.216.33.15 ended a telnet session
        to "ascend" at 208.240.43.4

>Oct 19 20:42:06 opop1 TELNET-54 TCP_ACCEPT  s=205.216.33.119,1137
>d=205.216.33.4,23

        Ooooo!  Sexy!  Someone at 205.216.33.119 just STARTED
        a session to "opop1" at 205.216.33.4

>Oct 19 20:42:08 opop1 TELNET-54 OPEN/PWD  s=205.216.33.119,1137
>d=205.216.33.4,23

        ...and the person mentioned above (perhaps) put in 
        the proper password, and opened the telnet session
        (the exact definition of this record is unclear)...

>Oct 19 20:54:22 opop1 TELNET-54 TERMINATE  s=205.216.33.119,1137
>d=205.216.33.4,23

        ...and here, they ended the session, 12 mins later.

>Oct 20 01:16:03 opop1 TELNET-51 TERMINATE  s=205.216.33.15,2548
>d=205.216.33.4,23

        Now, this record bothers me, after the very detailed
        records sent from "opop1" shown above.  Where are the 
        "TCP_ACCEPT" and "OPEN/PWD" records for this session?  
        If you did not neglect to include all the records
        of this type in your e-mail, this means that the facility
        is slightly inconsistent.

        Please tell us the code rev used, and can you verify
        if similar information is sent as an SNMP trap?
        
        If they are doing SNMP traps with this stuff, I will
        be a happy man - the "Console State Change" traps
        are useless.

  	  Who Knows What Evil Lurks In The Heart of MENSA?

    james fischer                     jfischer@supercollider.com

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Follow-Ups:

Re: (ASCEND) This is new. What is it?

From: Kevin A Smith <kevin@ascend.com>

Re: (ASCEND) This is new. What is it?

From: Jason Nealis <nealis@babylon.erols.com>

Re: (ASCEND) This is new. What is it?

From: Darkshot <darkshot@chudys.com>

Prev by Date: Re: (ASCEND) p75 debug mode
Next by Date: Re: (ASCEND) p75 debug mode
Prev by thread: Re: (ASCEND) This is new. What is it?
Next by thread: Re: (ASCEND) This is new. What is it?
Index(es):
- Main
- Thread