[Ace] More Proof that the CC Scans Opsnet
Brian Bevins
bevins at jlab.org
Wed Jun 15 13:25:39 EDT 2011
Note that I have also seen jsl16 show up in these messages (129.57.71.27).
Thanks,
--Brian
On 06/15/11 13:22, Brad Cumbia wrote:
> It looks like they added another new scanning computer. They were
> using jsl5 (129.57.71.15) which I blocked at the opsnet router
> interface. We have asked them not to scan the opsnet at all but
> something gets misconfigured/reconfigured and the next thing you know
> they are scanning it again. I guess I will have to block this machine
> also.
>
>
> Brad Cumbia
> Accelerator Network Administrator/Associate Coordinator
> Thomas Jefferson National Accelerator Facility
> Electrical Engineering Support Group
> Instrumentation & Control Systems
> Accelerator Computing Environment
> 12000 Jefferson Avenue
> Newport News, Virginia 23606
> Phone (757)269-5839
> Pager (757)584-5839
> Fax (757)269-7309
>
> On 06/15/2011 01:12 PM, Brian Bevins wrote:
>> I was seeing repetitions of the following error message on iocw2se1:
>> "connect failed : : errno = 0x3c"
>>
>> I traced this to the system app and vxRshd.c, where I added some
>> additional diagnostics and got:
>>
>> vxRshdDecode connect failed : : errno = 0x3c
>> Error status symbol table not included (errno = 0x3c).
>> client addr: 129.57.71.28
>>
>> 129.57.71.28 is jsl15.jlab.org which is one of the usual port scanning
>> suspects.
>>
>> Even though the ioc appears to be coping, we should ask the CC to not
>> scan the new iocs iocw2se1, iocw4se1, and iocnlse1.
>>
>> --Brian
>>
--
Brian S. Bevins, PE
Computer Scientist / Mechanical Engineer
Thomas Jefferson National Accelerator Facility
"The urge to save humanity is almost always only a false-face
for the urge to rule it."
-- H. L. Mencken