<div dir="ltr"><div><div style="overflow:auto">Whoa! I've actually found a way to replicate the failure, both on 7.2 and 7.3.
<br>Just expose the machine to the internet and wait for someone to run
<br>some security scan on it, e.g. a command like nmap -v -A IP_ADDR
<br>One or two nmap scans to the host are sufficient to make the telnet
<br>service crash and to render it inaccessible.
<br>I've discovered this after noticing that in my test setup
<br>the only node experiencing the issue was the one publicly
<br>available to the internet.
<br>
<br>Here you can find a few traffic dumps, done with Wireshark:
<br> * working telnet, successful login:
<br> <a href="https://enlab.net/%7Elorenzo/dump/2014-05/vms72_telnet_ok.pcapng" target="_blank">https://enlab.net/~lorenzo/dump/2014-05/vms72_telnet_ok.pcapng</a>
<br> * broken telnet, stream of chars:
<br> <a href="https://enlab.net/%7Elorenzo/dump/2014-05/vms72_telnet_fail.pcapng" target="_blank">https://enlab.net/~lorenzo/dump/2014-05/vms72_telnet_fail.pcapng</a>
<br> * broken telnet, stream of chars with some interaction attempts on my side:
<br> <a href="https://enlab.net/%7Elorenzo/dump/2014-05/vms72_telnet_fail_interact.pcapng" target="_blank">https://enlab.net/~lorenzo/dump/2014-05/vms72_telnet_fail_interact.pcapng</a>
<br> * full exchange between nmap and the OpenVMS machine:
<br> <a href="https://www.google.com/url?q=https%3A%2F%2Fenlab.net%2F%7Elorenzo%2Fdump%2F2014-05%2Fvms72_telnet_fail_nmap.pcapng&sa=D&sntz=1&usg=AFQjCNE5fYAFMalm7n4H_ddXOW6SbpdkMQ" target="_blank">https://enlab.net/~lorenzo/dump/2014-05/vms72_telnet_fail_nmap.pcapng</a>
<br>
<br>In these dumps the OpenVMS machine is always on 192.168.1.17.
<br>This filter rule:
<br> (ip.src==192.168.1.17 or ip.src==192.168.1.227) and
<br> (ip.dst==192.168.1.17 or ip.dst==192.168.1.227)
<br>has been applied to the dumps in order to clear them
<br>from all the LAN broadcast garbage.
<br>
<br>The last log should be the most interesting one,
<br>as it may contain the key to find out what's going on.
<br>I think that the telnet service is just dying under the
<br>amount of data that nmap is sending to probe it. Memory exhaustion?
<br>
<br>To sum it all up, after running a port scan with nmap to audit
<br>my network from the outside... I was crashing my own OpenVMS box.
<br>It's a tough world.<br><br></div><div style="overflow:auto">[sent to comp.os.vms too]<br></div></div> </div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, May 1, 2014 at 2:58 AM, Mark Pizzolato - Info Comm <span dir="ltr"><<a href="mailto:Mark@infocomm.com" target="_blank">Mark@infocomm.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div link="blue" vlink="purple" lang="EN-US"><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">You can do BOTH (rule out the variables you have planned), and AT THE SAME TIME, collect traffic with WireShark. You can start Wireshark Data collection any time BEFORE (and through) when you start to see the problem. So, even if you’ve already setup the next step in your plans, you can still turn on WireShark to collect the relevant data…<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"><u></u> <u></u></span></p><div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:simh-bounces@trailing-edge.com" target="_blank">simh-bounces@trailing-edge.com</a> [mailto:<a href="mailto:simh-bounces@trailing-edge.com" target="_blank">simh-bounces@trailing-edge.com</a>] <b>On Behalf Of </b>Lorenzo<br>
<b>Sent:</b> Wednesday, April 30, 2014 2:52 PM</span></p><div><div class="h5"><br><b>To:</b> Mark Pizzolato - Info Comm<br><b>Cc:</b> <a href="mailto:simh@trailing-edge.com" target="_blank">simh@trailing-edge.com</a>; Rick Murphy<br>
<b>Subject:</b> Re: [Simh] OpenVMS 7.2 VAX telnet failure<u></u><u></u></div></div><p></p></div></div><div><div class="h5"><p class="MsoNormal"><u></u> <u></u></p><div><div><p class="MsoNormal">As I stated in comp.os.vms too, I came up with this testbed:<br>
<br> * OpenVMS 7.2, attached to a newer Realtek network card<br> * OpenVMS 7.3, fresh setup temporarily running on the integrated network card<br><br>Albeit seeming messy, this should allow me to rule out a few more variables in ~24 hours.<u></u><u></u></p>
</div><div><p class="MsoNormal">In case of failure I'm ready to dump traffic with Wireshark and post it here.<br><br>Thanks<u></u><u></u></p></div></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"><u></u> <u></u></p>
<div><p class="MsoNormal">2014-04-30 17:45 GMT+02:00 Mark Pizzolato - Info Comm <<a href="mailto:Mark@infocomm.com" target="_blank">Mark@infocomm.com</a>>:<u></u><u></u></p><div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">Of course, you are free to try to work around the issue, but traffic captures will explain what is really happening and then determine what the simplest workaround might be. Traffic analysis will either point to or eliminate the need or desire to swap cards.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">I’d suggest that you try using the MultiNet IP stack. I’ve had experience with MultiNet for 20+ years and even now, leave telnet sessions connected for many days and never see a problem. Switching to MultiNet will avoid the need to migrate users or configure a new OS from scratch or perform an upgrade. I strongly suspect that both MultiNet and the HP TCP stack can be installed on the same system at the same time as long as you only start one OR the other in your systartup configuration.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:simh-bounces@trailing-edge.com" target="_blank">simh-bounces@trailing-edge.com</a> [mailto:<a href="mailto:simh-bounces@trailing-edge.com" target="_blank">simh-bounces@trailing-edge.com</a>] <b>On Behalf Of </b>Lorenzo<br>
<b>Sent:</b> Wednesday, April 30, 2014 8:30 AM<br><b>To:</b> Mark Pizzolato - Info Comm<br><b>Cc:</b> <a href="mailto:simh@trailing-edge.com" target="_blank">simh@trailing-edge.com</a>; Rick Murphy</span><u></u><u></u></p>
<div><div><p class="MsoNormal"><br><b>Subject:</b> Re: [Simh] OpenVMS 7.2 VAX telnet failure<u></u><u></u></p></div></div></div></div><div><div><p class="MsoNormal"> <u></u><u></u></p><div><p class="MsoNormal">Before starting to dig into traffic captures I'd like to try two more things:<br>
<br>* a OpenVMS 7.3 setup on a new SIMH machine - if that works then I can think about migrating users and data from 7.2<br>* using a different ethernet card to rule out layer 1 problems<br><br>This problem is not easily reproducible, "it just happens", so I can only report back after a certain amount of time.<br>
Thanks for now<u></u><u></u></p></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p><div><p class="MsoNormal">2014-04-30 16:59 GMT+02:00 Mark Pizzolato - Info Comm <<a href="mailto:Mark@infocomm.com" target="_blank">Mark@infocomm.com</a>>:<u></u><u></u></p>
<div><div><p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d">As Rick suggested, you should capture traffic in both directions. Wireshark is an excellent tool for that. Additionally, Wireshark has built-in protocol decoders which can interpret what is happening in the TCP telnet session. If you aren’t familiar with, or don’t want to dig into the details of the packet innards, you can save the capture contents, make it available, and let me or someone else can interpret the details and offer analysis.</span><u></u><u></u></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1f497d"> </span><u></u><u></u></p><div style="border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in 4.0pt">
<div><div style="border:none;border-top:solid #b5c4df 1.0pt;padding:3.0pt 0in 0in 0in"><p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> <a href="mailto:simh-bounces@trailing-edge.com" target="_blank">simh-bounces@trailing-edge.com</a> [mailto:<a href="mailto:simh-bounces@trailing-edge.com" target="_blank">simh-bounces@trailing-edge.com</a>] <b>On Behalf Of </b>Lorenzo<br>
<b>Sent:</b> Wednesday, April 30, 2014 7:25 AM<br><b>To:</b> Rick Murphy<br><b>Cc:</b> <a href="mailto:simh@trailing-edge.com" target="_blank">simh@trailing-edge.com</a><br><b>Subject:</b> Re: [Simh] OpenVMS 7.2 VAX telnet failure</span><u></u><u></u></p>
</div></div><div><div><p class="MsoNormal"> <u></u><u></u></p><div><div><div><div><p class="MsoNormal">What nmap is reporting should be the traffic from the VAX to the client.<br>No matter the client I use (e.g. telnet.exe, PuTTY...), all I get is an endless stream of chars, which matches what appears in the traffic dump.<u></u><u></u></p>
</div><p class="MsoNormal">Upgrading to SIMH 4.0 beta had no effect - after 14 hours I experienced the same exact problem.<u></u><u></u></p></div><div><p class="MsoNormal">During the telnet outage, which happened after ~14 hours of SIMH running, FTP was still working fine.<u></u><u></u></p>
</div></div></div><div><p class="MsoNormal" style="margin-bottom:12.0pt"> <u></u><u></u></p><div><p class="MsoNormal">2014-04-30 2:50 GMT+02:00 Rick Murphy <<a href="mailto:rick@rickmurphy.net" target="_blank">rick@rickmurphy.net</a>>:<u></u><u></u></p>
<div><p class="MsoNormal">At 06:21 PM 4/29/2014, Lorenzo wrote:<u></u><u></u></p></div><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<div><p class="MsoNormal">Hi!<br>I'm running OpenVMS 7.2 VAX on a simh emulator, latest release<u></u><u></u></p></div><p class="MsoNormal">(V3.9-0 from <<a href="http://simh.trailing-edge.com" target="_blank">http://simh.trailing-edge.com</a>><a href="http://simh.trailing-edge.com" target="_blank">simh.trailing-edge.com</a>) and compiled with networking (libpcap, no vde).<u></u><u></u></p>
<div><p class="MsoNormal"><br>The emulator has got its own network card to which it's attached.<br>The host operating system is Linux, kernel 3.11.<br>My issue is that after an apparently random amount of time (usually a few hours) the telnet server stops working.<br>
I can't get any client to log in remotely - as soon as I connect to the OpenVMS machine,<br>all I get is a blank character sequence, as follows (dumped by nmap):<br><br>SF:NULL,1138,"\xff\xfb\x01\xff\xfb\x03\xff\xff\xff\xff\0\0\0\0\0\0\0\0\0\0<u></u><u></u></p>
</div></blockquote><p class="MsoNormal" style="margin-bottom:12.0pt"><br><br>There's a beginning of some TELNET options negotiation going on there.<br><br>That's the following:<br>255 (IAC)<br>251 (WILL)<br>1 (ECHO)<br>
255 (IAC)<br>251 (WILL)<br>3 (SGA) [Suppress go-ahead)<br><br>That's pretty standard.<br>The series of 0xff (IACs) and nulls that follow aren't.<br><br>You really need to capture the traffic to-and-from. Is this coming from the VAX to your client, or vice versa?<span style="color:#888888"><br>
-Rick</span><u></u><u></u></p></div><p class="MsoNormal"> <u></u><u></u></p></div></div></div></div></div></div></div><p class="MsoNormal"> <u></u><u></u></p></div></div></div></div></div></div></div><p class="MsoNormal">
<u></u> <u></u></p></div></div></div></div></div></div></blockquote></div><br></div>