[Info-vax] SSH on VAX - performance impact of break in attempts
Richard Whalen
WhalenR at process.com
Thu Aug 26 08:20:35 EDT 2010
It appears that my earlier reply got lost.
MultiNet 5.3 includes an Intrusion Prevention System (IPS). If the IPS is
configured, SSH will send it information on login failures. When enough
login failures have accumulated the IPS will install a filter in MultiNet so
that the process will never be created.
http://www.process.com/tcpip/mndocs53/ADMIN_GUIDE/ch32.htm#E29E33
"JF Mezei" <jfmezei.spamnot at vaxination.ca> wrote in message
news:4c75d34a$0$4734$c3e8da3 at news.astraweb.com...
> AEF wrote:
>
>> There's also break-in evasion.
>
>
> I am not sure break in evasion will sold the *performance* problem. The
> remote user is still able to connect and try a username/password, it is
> just refused (even if correct). This process is what consumes lots of
> CPU due to the setup of the encrypted connection.
>
> The proper thing to do would be to detect those attemps, and then send
> snmp messages to the router to block the originating IP in an access
> list. This prevents those CPU-expemsive login attempts.
More information about the Info-vax
mailing list