[Info-vax] Need to set up a special purpose account

Tom Adams tadamsmar at gmail.com
Mon Oct 10 15:29:35 EDT 2016


On Monday, October 10, 2016 at 11:45:06 AM UTC-4, Stephen Hoffman wrote:
> On 2016-10-10 13:17:17 +0000, Tom Adams said:
> 
> > On Friday, October 7, 2016 at 3:48:49 PM UTC-4, Stephen Hoffman wrote:
> >> On 2016-10-07 19:37:15 +0000, Tom Adams said:
> >> 
> >>> None of the anonymous-related logical names are defined.
> >> 
> >> Fix the log ownership to allow ANONYMOUS to write the logs.  [ANONY,ANONYMOUS]
> >> 
> >> 
> >> 
> >> --
> >> Pure Personal Opinion | HoffmanLabs LLC
> > 
> > One odd thing I noticed is this:
> > 
> > $ dir dsa0:[ucx$ftp]*anon*/owner/date
> > 
> > Directory DSA0:[UCX$FTP]
> > 
> > UCX$FTP_ANONYMOUS.LOG;1
> >                       8-AUG-1997 07:15:00.61  [UCX$AUX,UCX$FTP]
> > 
> > Total of 1 file.
> > $ dir dsa0:[tcpip$ftp]*anon*/owner/date
> > 
> > Directory DSA0:[TCPIP$FTP]
> > 
> > TCPIP$FTP_ANONYMOUS.LOG;1
> >                       8-AUG-1997 07:15:00.61  [SYSTEM]
> > 
> > Total of 1 file.
> > 
> > This is the same file with different names (not sure how that works).
> 
> Answered in another reply.   Piled up crap that hasn't been dealt with. 
>   This is the same leftover-mess from upward-compatibility problem as 
> that old VAX C code, effectively.
> 
> > 
> > But the TCPIP one is owned by [SYSTEM]
> > 
> > I set the owner of TCPIP$FTP_ANONYMOUS to [TCPIP$AUX,TCPIP$FTP] (the 
> > owner of the directory) but I got a confusing error in 
> > TCPIP$FTP_RUN.LOG when I tested.
> 
> I wouldn't change that directory ownership, and I'd probably move the 
> anonymous FTP log somewhere else, or would set the anonymous FTP log 
> itself to something that the anonymous FTP bits can write to — and 
> would not open up write access to FTP or the anonymous FTP user wider 
> than absolutely necessary.

I ended up figuring out how to get tcpip$config to generate the log file with good defaults.
> 
> > So, I set the owner back to [SYSTEM] and set the protection to W:RWED. 
> > But I got the same error, here is the error:
> > 
> > 
> > %SYSTEM-F-NOSUCHID, unknown rights identifier
> > %TCPIP-E-FTP_LOGFAL, remote interactive login failure anonymous
> > -TCPIP-I-FTP_NODE, client host name: EESD.nheerl.epa.gov
> > -LOGIN-F-NOSUCHUSER, no such user
> > %TCPIP-I-FTP_SESCON, FTP SERVER: session connection from EESD.nheerl.epa.gov at
> > 10-OCT-2016 09:10:52.48
> > 
> > I tried 3 passwords: guest, sysmgr, and adams
> > 
> > 2 of them are account names in the UAF.  I got the same error for all three.
> 
> Your anonymous user doesn't have the default credentials.   Which means 
> either that user does not exist, or something blocked the default 
> account creation.   Go figure out why that is.
> 
> ps: You have exposed your login credentials in cleartext to the 'net, 
> and for the most privileged users on this server.   I'd ssh into this 
> OpenVMS box and change those credentials.

I guess it's a honeypot now, since if we get hit we will know that some hacker is already poking around inside our intranet.  So this would indicate an inside job or a hack of at least one firewall.


> 
> 
> 
> -- 
> Pure Personal Opinion | HoffmanLabs LLC




