[Info-vax] VMS v8.4 disk corruption
IanMiller
gxys at uk2.net
Wed Aug 11 04:59:01 EDT 2010
On Aug 10, 10:07 pm, JF Mezei <jfmezei.spam... at vaxination.ca> wrote:
> Alan Frisbie wrote:
> > However, since reading Hoff's warning about disk corruptions
> >http://labs.hoffmanlabs.com/node/1609I have been afraid to
> > install it on the production system, and the test system is
> > otherwise occupied at the moment.
>
> Thanks for the pointer. Interesting problems described in Hoff's entry.
>
> Personally, I find the ability to see what passwords are being used
> during an attack to be extremely important. Telling whether they are
> using radom/common passwords from a dictionary or whether they are using
> brute force, or whether they seem to have a valid password are all very
> important distinctions.
>
> BTW, to anyone installing 8.4 and the new TCPIP, reporting on whether
> POP and IMAP now log invalid connection attempts to the audit (and
> trigger intrusion mechanism) would be of use.
>
> At one point, this much needed security fix was included in the roadmap,
> and then was removed.
>
> Also to test for the same: the XMD server also allowed at one point
> unlimited password testing without any logging and without any intrusion
> evasion.
A quick test with OpenVMS Alpha V8.4 and TCPIP V5.7 - I enabled the
POP server, telnet to port 110 and tried a couple of USER/PASS
commands with incorrect passwords and was disconnected. and a
intrusion record was created. there where also audit alarms.
$ sh int
Intrusion Type Count Expiration Source
--------- ---- ----- ---------- ------
NETWORK SUSPECT 2 11-AUG-2010 10:09:22.83
POP::LOCALHOST::system
More information about the Info-vax
mailing list