[Info-vax] OpenVMS TCPIP equivalent of hosts.deny?
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Thu Nov 17 20:25:06 EST 2016
On 2016-11-17, Michael Moroney <moroney at world.std.spaamtrap.com> wrote:
>
> I wrote code years ago that monitors the audit server mailbox for breakin
> events from the internet and null-routes the source address (actually the
> /24 of the source). Since I couldn't use the deny capability for more
> than 16 attempts, I got around that by doing a TCPIP SET ROUTE to use
> a nonexistent address as a gateway. So any further attempt to contact
> from the banned host would have the VMS system attempt to respond by
> sending to the nonexistent gateway, so the banned host could never set up
> the TCP connection. To it it appears as if the system vanished off the
> net.
>
The downside to that of course is that connection resources are tied up
in the VMS system until the connection times out.
In the old days, people sometimes used a similar method (not sending the
final ACK during connection setup) to cause a DoS against a target machine.
I wonder if current versions of TCP/IP Services are vulnerable to that.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Microsoft: Bringing you 1980s technology to a 21st century world
More information about the Info-vax
mailing list