HP3000-L Archives

September 1996, Week 3

HP3000-L@RAVEN.UTC.EDU

From: Eric Schubert <[log in to unmask]>
Reply To: Eric Schubert <[log in to unmask]>
Date: Mon, 16 Sep 1996 11:18:42 -0500

>Subject:  MPE vulnerable to SYN denial-of-service attacks?
>
>Does anybody know if MPE is vulnerable to this kind of attack?
>--
>Mark Bixby                      E-mail: [log in to unmask]
 
Mark:
 
Any TCP/IP service is vulnerable to service denial attacks, NS/VT, Telnet,
you name it - on all platforms.
 
There may be firewall software to detect "throttle" connections to this
traffic and set low level TCP options to disregard the traffic.  Our inetd()
server on a Sun behaves this way - refuses connections after a certain rate
is detected.  But it can't select which ones to let through, so it denies all.
 
I tested a simple "throttle" script that generated endless VT connections on
our HP 3000 918 machine - it certainly does choke the machine and prevent
any new VT connections (you don't have to log on, simply do a socket
connection to the VT port.  It takes a very long time for MPE to timeout the
bogus connection.)
 
The good news is that my tests haven't crashed the MPE system and the people
already logged on over VT were OK.  Just new requests choked until the
"attacker" script was killed.
 
If you put your HP behind a router that supports active filtering, like a
CISCO router, you could "stop" an attack to your host by defining a filter
right quick to deny access from the attacker's IP address point.  But this
could escalate into a cat and mouse game and waste everybody's time.
 
Any other suggestions?
 
----------------------------------------------------------------
Eric J. Schubert             Excellence In Service, Senior Analyst
Univ of Notre Dame, IN USA   Office of Information Technologies
(219) 631-7306               http://www.nd.edu/~eschuber
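
The limitation described in the message above (a rate throttle that cannot select which connections to let through, so it denies all) set beside a per-source limit, as an added example that is not part of the original post and is not inetd's code. The `Throttle` class, the addresses, the limit of 5 connections per second and the event list are all constructed for illustration, and the per-source variant assumes source addresses are genuine, as they are when each attempt is a completed socket connection.

```python
from collections import defaultdict, deque

ATTACKER = "192.0.2.66"  # constructed address (documentation range)
LEGIT = ["198.51.100.10", "198.51.100.11", "198.51.100.12"]  # constructed

# Constructed sample: (time_ms, source). One noisy source opens a connection
# every 100 ms for 3 s; three legitimate clients each connect once.
EVENTS = sorted(
    [(t, ATTACKER) for t in range(0, 3000, 100)]
    + [(550, LEGIT[0]), (1550, LEGIT[1]), (2550, LEGIT[2])]
)


class Throttle:
    """Sliding-window limit: at most max_conns accepted per window_ms."""

    def __init__(self, max_conns, window_ms, per_source):
        self.max_conns = max_conns
        self.window_ms = window_ms
        self.per_source = per_source
        self.accepted = defaultdict(deque)  # bucket key -> accept timestamps

    def allow(self, ts, src):
        # One shared bucket reproduces the "denies all" behaviour;
        # one bucket per source address lets other clients through.
        q = self.accepted[src if self.per_source else "*"]
        while q and ts - q[0] >= self.window_ms:
            q.popleft()  # forget accepts that have left the window
        if len(q) >= self.max_conns:
            return False
        q.append(ts)
        return True


def replay(throttle, events):
    """Return {source: number of accepted connections}."""
    accepted = defaultdict(int)
    for ts, src in events:
        accepted[src] += throttle.allow(ts, src)
    return dict(accepted)


if __name__ == "__main__":
    for label, per_source in (("global", False), ("per-source", True)):
        print(label, replay(Throttle(5, 1000, per_source), EVENTS))
```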
