[Info-vax] [Change topic] VMS systems botnets
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Oct 31 09:18:59 EDT 2016
On 2016-10-28 12:32:04 +0000, Roy Omond said:
> Hoff, I'd appreciate if you could expand on this. How were these VMS
> systems acting as botnets?
What, that OpenVMS as is commonly used and deployed can be or is
insecure, that rogue perl code can and does work on OpenVMS, and that
running badly down-revision network servers and network-related
libraries and cleartext network protocols won't end badly? That
various OpenVMS servers can be incorporated into spam and DDoS networks
trivially, due to the utterly inexplicable open-relay default, and the
severely down-revision network server software? I've cleaned up
various breached servers. Some were "just" used in reflection attacks
(NTP & DNS are popular here), some were relaying massive spam, some
were used in what I suspect were gaming DDoSes. Yes, some were
running rogue code. I have a list of a hundred or so unpatched
vulnerabilities in OpenVMS and associated network services ranging from
remote code exploits to DoSes to information disclosures, and it isn't
hard to find those lists and those vulnerabilities. With some of the
OpenVMS sites still clinging to and still running insecure protocols
such as telnet, ftp and DECnet — and SCS, for that matter — even that
effort often isn't necessary. Most "firewall-protected" networks
probably aren't as secure as you think they are or want them to be,
which makes the traditional means of protecting OpenVMS — isolating the
servers from the Internet — problematic.
--
Pure Personal Opinion | HoffmanLabs LLC