Ascend Archive
Re: (ASCEND) This is new. What is it?
James Fischer wrote:
>
> Darkshot said:
>
> >I just found this in my syslog. What does it mean? Anyone?
>
> My jaw drops in shock. Ascend seems to have at last
> realized that they needed to be more "Cisco like" in
> their handling of security issues. Which release is
> this? This is exactly the sort of thing that I have
> been asking about for over a year.
It's only on the Max6K and it just started all of a sudden. The
software rev on it is 6.1.3. For some reason, it started when I
switched logging machines. It was logging to a UNIX box on another
backbone and I moved the UNIX box to that opop1 pop. When I switched
the logging, it "woke up". It had not been doing it before - I verified
it through looking at the older logs.
>
> >Oct 19 19:45:41 h3ascend TELNET-1 TERMINATE s=205.216.33.15,2892
> >d=208.133.52.6,23
>
> Someone at 205.216.33.15 ended a telnet session
> to "h3ascend" at 208.133.53.6.
>
> >Oct 19 19:48:44 h2ascend TELNET-1 TERMINATE s=205.216.33.15,2893
> >d=208.133.52.5,23
>
> Someone at 205.216.33.15 ended a telnet session
> to "h2ascend" at 208.133.52.5.
>
> >Oct 19 19:50:58 ascend TELNET-14 TERMINATE s=205.216.33.15,2894
> >d=206.240.43.4,23
>
> Someone at 205.216.33.15 ended a telnet session
> to "ascend" at 208.240.43.4
Those are all me looking at all the maxen at the Henderson PoP.
>
> >Oct 19 20:42:06 opop1 TELNET-54 TCP_ACCEPT s=205.216.33.119,1137
> >d=205.216.33.4,23
>
> Ooooo! Sexy! Someone at 205.216.33.119 just STARTED
> a session to "opop1" at 205.216.33.4
>
> >Oct 19 20:42:08 opop1 TELNET-54 OPEN/PWD s=205.216.33.119,1137
> >d=205.216.33.4,23
>
> ...and the person mentioned above (perhaps) put in
> the proper password, and opened the telnet session
> (the exact definition of this record is unclear)...
>
Other logs show that that is what happened. My tech support manager
telnetted in to check someone's speed.
> >Oct 19 20:54:22 opop1 TELNET-54 TERMINATE s=205.216.33.119,1137
> >d=205.216.33.4,23
>
> ...and here, they ended the session, 12 mins later.
>
> >Oct 20 01:16:03 opop1 TELNET-51 TERMINATE s=205.216.33.15,2548
> >d=205.216.33.4,23
>
> Now, this record bothers me, after the very detailed
> records sent from "opop1" shown above. Where are the
> "TCP_ACCEPT" and "OPEN/PWD" records for this session?
> If you did not neglect to include all the records
> of this type in your e-mail, this means that the facility
> is slightly inconsistent.
Nope - I did a simple cut and paste. Didn't miss anything that I know of.
>
> Please tell us the code rev used, and can you verify
> if similar information is sent as an SNMP trap?
Can't verify SNMP; don't have the tools yet. NOTHING will compile
on SCO....
>
> If they are doing SNMP traps with this stuff, I will
> be a happy man - the "Console State Change" traps
> are useless.
>
--
Darkshot (Michael B. Garrett)
<http://www.gloryroad.net>
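
The gap raised in the thread above (a TERMINATE record with no earlier TCP_ACCEPT or OPEN/PWD for the same session) can be checked mechanically. The following is an added example, not part of the original message or any Ascend tooling; the record layout is inferred from the quoted lines, the sample rejoins wrapped records onto single lines, and the verdict labels are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: records quoted in the message, each rejoined onto one line.
SAMPLE = """\
Oct 19 19:45:41 h3ascend TELNET-1 TERMINATE s=205.216.33.15,2892 d=208.133.52.6,23
Oct 19 20:42:06 opop1 TELNET-54 TCP_ACCEPT s=205.216.33.119,1137 d=205.216.33.4,23
Oct 19 20:42:08 opop1 TELNET-54 OPEN/PWD s=205.216.33.119,1137 d=205.216.33.4,23
Oct 19 20:54:22 opop1 TELNET-54 TERMINATE s=205.216.33.119,1137 d=205.216.33.4,23
Oct 20 01:16:03 opop1 TELNET-51 TERMINATE s=205.216.33.15,2548 d=205.216.33.4,23
"""

# Layout assumed from the quoted lines: timestamp, host, channel, event, s=ip,port d=ip,port
RECORD = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) (?P<chan>TELNET-\d+) "
    r"(?P<event>TCP_ACCEPT|OPEN/PWD|TERMINATE) "
    r"s=(?P<src>[\d.]+,\d+)\s+d=(?P<dst>[\d.]+,\d+)$"
)

def parse(text):
    """Yield one dict per recognised record; unrecognised lines are skipped."""
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            yield m.groupdict()

def audit_sessions(text):
    """Group events per (host, channel, src, dst) and classify each session."""
    sessions = defaultdict(list)
    for rec in parse(text):
        key = (rec["host"], rec["chan"], rec["src"], rec["dst"])
        sessions[key].append(rec["event"])
    report = {}
    for key, events in sessions.items():
        if "TERMINATE" in events and "TCP_ACCEPT" not in events:
            report[key] = "terminate-without-accept"  # the inconsistency noted above
        elif "TCP_ACCEPT" in events and "OPEN/PWD" not in events:
            report[key] = "accepted-no-login-record"
        elif "TERMINATE" not in events:
            report[key] = "still-open"
        else:
            report[key] = "complete"
    return report

if __name__ == "__main__":
    for key, verdict in audit_sessions(SAMPLE).items():
        print(verdict, *key)
```

A "terminate-without-accept" verdict only means the opening records are absent from the log that was examined; it does not by itself say whether the device failed to emit them or the collector missed them.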