[Info-vax] OpenVMS TCPIP equivalent of hosts.deny?
Kerry Main
kemain.nospam at gmail.com
Thu Nov 17 21:00:25 EST 2016
> -----Original Message-----
> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf Of Simon Clubley via Info-vax
> Sent: 17-Nov-16 8:25 PM
> To: info-vax at rbnsn.com
> Cc: Simon Clubley <clubley at remove_me.eisner.decus.org-Earth.UFP>
> Subject: Re: [Info-vax] OpenVMS TCPIP equivalent of hosts.deny?
>
> On 2016-11-17, Michael Moroney <moroney at world.std.spaamtrap.com> wrote:
> >
> > I wrote code years ago that monitors the audit server mailbox for
> > breakin events from the internet and null-routes the source address
> > (actually the /24 of the source). Since I couldn't use the deny
> > capability for more than 16 attempts, I got around that by doing a
> > TCPIP SET ROUTE to use a nonexistent address as a gateway. So any
> > further attempt to contact from the banned host would have the VMS
> > system attempt to respond by sending to the nonexistent gateway, so
> > the banned host could never set up the TCP connection. To it it
> > appears as if the system vanished off the net.
> >
>
> The downside to that of course is that connection resources are
> tied up in the VMS system until the connection times out.
>
> In the old days, people sometimes used a similar method (not
> sending the final ACK during connection setup) to cause a DoS
> against a target machine.
>
> I wonder if current versions of TCP/IP Services are vulnerable to
> that.
>
> Simon.
>
Not sure what the current TCPIP stack has on this, but I know the
Multinet IPS rules can be set to deny (send reply message) or
drop (no response).

I suspect most cases would warrant simply dropping a suspect
connection request.

One feature on my firewall that I like is called a Geo-IP
feature. You can enable/disable all connections to/from specific
countries. It's amazing how many blocked connection requests I
see in the log from countries I have set to block.
Likely bot hunting activities.

Regards,
Kerry Main
Kerry dot main at starkgaming dot com
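
Added example, not part of the original message and not the code Michael Moroney describes: a sketch of the decision step behind the quoted approach, turning break-in events into the /24 networks to null-route. The event tuples, the threshold of 3 and the allowlist are assumptions made for illustration; the sample addresses are constructed and do not follow any real OpenVMS audit record format.

```python
import ipaddress
from collections import Counter

# Constructed sample events: (source address, event type). This is not a
# real OpenVMS audit format; it stands in for whatever the monitor reads.
SAMPLE_EVENTS = [
    ("203.0.113.7", "BREAKIN"),
    ("203.0.113.7", "BREAKIN"),
    ("203.0.113.99", "BREAKIN"),
    ("198.51.100.20", "BREAKIN"),
    ("192.0.2.14", "BREAKIN"),
    ("192.0.2.15", "BREAKIN"),
    ("192.0.2.16", "BREAKIN"),
    ("not-an-address", "BREAKIN"),   # malformed source must not crash the monitor
    ("203.0.113.7", "LOGIN"),        # non-break-in events are ignored
]

# Assumption: networks that must never be blocked (management hosts, partners).
# Blocking a whole /24 for one bad host makes such a list worth having.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/24")]
THRESHOLD = 3  # assumption: break-in events per /24 before it is blocked


def networks_to_block(events, threshold=THRESHOLD, allowlist=ALLOWLIST):
    """Return the sorted /24 networks whose break-in count reached threshold."""
    counts = Counter()
    for source, kind in events:
        if kind != "BREAKIN":
            continue
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            continue  # skip sources that do not parse as an IP address
        if addr.version != 4:
            continue  # the /24 convention in the post applies to IPv4 only
        # Collapse the host address to its enclosing /24, as in the post.
        counts[ipaddress.ip_network(f"{addr}/24", strict=False)] += 1
    return sorted(
        net for net, seen in counts.items()
        if seen >= threshold and not any(net.overlaps(a) for a in allowlist)
    )


if __name__ == "__main__":
    for net in networks_to_block(SAMPLE_EVENTS):
        print("null-route candidate:", net)
```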