[Info-vax] OpenVMS TCPIP equivalent of hosts.deny?
Supratim Sanyal
supratim at riseup.invalid
Fri Nov 18 17:48:53 EST 2016
In article <mailman.6.1479434491.3125.info-vax_rbnsn.com at rbnsn.com>,
kemain.nospam at gmail.com says...
>
> > -----Original Message-----
> > From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
> > Of Simon Clubley via Info-vax
> > Sent: 17-Nov-16 8:25 PM
> > To: info-vax at rbnsn.com
> > Cc: Simon Clubley <clubley at remove_me.eisner.decus.org-
> > Earth.UFP>
> > Subject: Re: [Info-vax] OpenVMS TCPIP equivalent of
> > hosts.deny?
> >
> > On 2016-11-17, Michael Moroney
> > <moroney at world.std.spaamtrap.com> wrote:
> > >
> > > I wrote code years ago that monitors the audit server mailbox
> > for
> > > breakin events from the internet and null-routes the source
> > address
> > > (actually the
> > > /24 of the source). Since I couldn't use the deny capability
> for
> > more
> > > than 16 attempts, I got around that by doing a TCPIP SET
> ROUTE
> > to use
> > > a nonexistent address as a gateway. So any further attempt
> to
> > contact
> > > from the banned host would have the VMS system attempt to
> > respond by
> > > sending to the nonexistent gateway, so the banned host could
> > never set
> > > up the TCP connection. To it it appears as if the system
> > vanished off
> > > the net.
> > >
> >
> > The downside to that of course is that connection resources are
> > tied up in the VMS system until the connection times out.
> >
> > In the old days, people sometimes used a similar method (not
> > sending the final ACK during connection setup) to cause a DoS
> > against a target machine.
> >
> > I wonder if current versions of TCP/IP Services are vulnerable
> to
> > that.
> >
> > Simon.
> >
So you block out entire Brazil if one telnet spammer from Brazil is
running a script (like in my case) :O
More information about the Info-vax
mailing list