[Info-vax] OpenVMS TCPIP equivalent of hosts.deny?
Bill Gunshannon
bill.gunshannon at gmail.com
Fri Nov 18 18:26:22 EST 2016
On 11/18/16 5:48 PM, Supratim Sanyal wrote:
> In article <mailman.6.1479434491.3125.info-vax_rbnsn.com at rbnsn.com>,
> kemain.nospam at gmail.com says...
>>
>>> -----Original Message-----
>>> From: Info-vax [mailto:info-vax-bounces at rbnsn.com] On Behalf
>>> Of Simon Clubley via Info-vax
>>> Sent: 17-Nov-16 8:25 PM
>>> To: info-vax at rbnsn.com
>>> Cc: Simon Clubley <clubley at remove_me.eisner.decus.org-
>>> Earth.UFP>
>>> Subject: Re: [Info-vax] OpenVMS TCPIP equivalent of
>>> hosts.deny?
>>>
>>> On 2016-11-17, Michael Moroney
>>> <moroney at world.std.spaamtrap.com> wrote:
>>>>
>>>> I wrote code years ago that monitors the audit server mailbox
>>> for
>>>> breakin events from the internet and null-routes the source
>>> address
>>>> (actually the
>>>> /24 of the source). Since I couldn't use the deny capability
>> for
>>> more
>>>> than 16 attempts, I got around that by doing a TCPIP SET
>> ROUTE
>>> to use
>>>> a nonexistent address as a gateway. So any further attempt
>> to
>>> contact
>>>> from the banned host would have the VMS system attempt to
>>> respond by
>>>> sending to the nonexistent gateway, so the banned host could
>>> never set
>>>> up the TCP connection. To it it appears as if the system
>>> vanished off
>>>> the net.
>>>>
>>>
>>> The downside to that of course is that connection resources are
>>> tied up in the VMS system until the connection times out.
>>>
>>> In the old days, people sometimes used a similar method (not
>>> sending the final ACK during connection setup) to cause a DoS
>>> against a target machine.
>>>
>>> I wonder if current versions of TCP/IP Services are vulnerable
>> to
>>> that.
>>>
>>> Simon.
>>>
>
> So you block out entire Brazil if one telnet spammer from Brazil is
> running a script (like in my case) :O
>
If it were just one you might have a point. I once joined a mailing
list that was hosted out of Brazil. Mailing list generated about 5
emails a day. Spam originating from Brazil started at over a hundred
a day. I always assumed the ISP hosting the mailing list was in the
business of selling the addresses of people who subscribed. I blocked
all email from Brazil and can't say that I ever missed anything that
mattered.
bill
More information about the Info-vax
mailing list