HP3000-L Archives

March 1995, Week 2

HP3000-L@RAVEN.UTC.EDU
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Attack risks on a 3k from the Internet
From:
Jim Wowchuk <[log in to unmask]>
Reply To:
Jim Wowchuk <[log in to unmask]>
Date:
Wed, 8 Mar 1995 16:01:56 +1000
Content-Type:
text/plain
Parts/Attachments:
text/plain (73 lines) 
At 08:12 AM 7/3/95 -0500, Eric Schubert wrote:
>I'm trying to evaluate internet attack risks using VT with a 3k.  Assume
>that VT sits behind a router that allows access only to the VT port.  What I
>have so far:
>
>()  Does the HP-UX OS come with NS/vt software built in to connect to 3k's?
 
Nope.  Extra product.  Unsure what's going to happen with HP-UX 10.0, as NS
Services will be dropped.  VT3K will probably be hived off on its own.
 
>()  My testing indicates that an NS/vt port can be attacked simply with any
>Telnet client connecting to the VT port number, tying up sockets and tservers.
 
Well it has a listener on sortof well-known ports.  So that makes it
vulnerable, but what's the likely hood for damage?
>
>()  It follows that any NS/vt port can be attacked easily with a perl script
>or simple BSD client that performs connections in a continuous loop, using
>up all available sockets on the 3k without actually doing a logon.  What is
>the VT drop timeout?
 
Admittedly, yes, it may use up the pool, but to what end?  It will perhaps
make vt connections unavailable, but this wouldn't be serious damage would it?
 
>()  How easy is it to discover the proper protocol response to a NS/vt
>connection and get an MPE prompt (roll your own VT client, say with a c or
>perl script)?
 
Given the few numbers of players in the HP VT market, it must be pretty
limited!  Interestingly, I did find out you can buy the actual manual from
HP explaining the VT protocol messages! (Hint, its not part of the HP3000
documentation sets).
 
>()  If this is done (figure out the proprietary handshake to obtain an MPE
>prompt, like NS/open did), my testing shows that NS/vt will allow continuous
>trial of passwords (try three passwords-drop; reconnect; try three
>more-drop; reconnect, etc.)  Is there any way to shutdown such an attack
>without turning off NS/VT?
 
This seems to be a considerable amount of work, which is traceable.
Wouldn't coming in over a DTC port be that much easier?  Or are there
security methods in place there?  Generally, though, if the attack is
outside the network, then the firewall is the place to limit it (IMWO).
 
>() What kind of TCP/IP level attacks can take place?  I heard of things like
>packet spoofing, does the 3k need to worry about this?
 
Spoofing is a worry anywhere its done, but is it likely?  I'd probably be
more concerned about sniffers.  As far as I know, there are no encryption
routines on VT messages are there?
 >
>If anyone has more insights or experiences, please drop me a line.  Thanks.
 
Rumour* has it that HP are looking at implementing a security inetd system
for the HP3000.  This would give the ability to limit access to any listener
port to nominated ranges of IP addresses.  It may also provide some type of
encryption and authorization process.
 
*John Paul Rumour: Noted gossip, tout and all-round unsavoury character.
Should never be referenced second-hand!  KIUYH.
>--------------------------------------------------------------------
>Eric J. Schubert                 Administrative Information Services
>Senior Data Base Analyst         University of Notre Dame, IN USA
 
Regards.
----
Jim Wowchuk                    Internet:    [log in to unmask]
Vanguard Computer Services     Compu$erve:  100036,106
 _--_|\                        Post:        PO Box 18, North Ryde, NSW 2113
/      \                       Phone:       +61 (2) 888-9688
\.--.__/ <---Sydney NSW        Fax:         +61 (2) 888-3056
      v      Australia

ATOM RSS1 RSS2