HP3000-L Archives

March 2012, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From:
"James B. Byrne" <[log in to unmask]>
Reply To:
James B. Byrne
Date:
Tue, 13 Mar 2012 09:08:15 -0400
On:    Mon, 12 Mar 2012 15:45:32 +0000, "Johnson, Tracy"
<[log in to unmask]> wrote:
>
> I take a rather simpler approach.  Whenever these pop up
> on the EMPIRE game machine, I add the first three IP
> octets into the INETDSEC telnet and ftp deny portion of
> the file (nnn.nnn.nnn.* \).  I understand this may exclude
> entire small (and rather innocent) internet providers, but
> I think that's a small price to be paid for hosting a
> hacker.
>
> If attempts on the first three octets grouped together
> start to get closely related to the first two, I'll even
> start blocking the first two octets (nnn.nnn.*.* \).  I
> haven't had to block an entire first octet yet.
>
> I understand this is just an old-fashioned block list.
> But in the interest of keeping the Empire game open to as
> many as I can, this is probably the best I can do.
>

For information on how to hack into an HP3000 see:

http://bak.spc.org/dms/archive/hp3000.html

or

http://www.textfiles.com/hacking/hp3000.txt

Both dated and yet still applicable. There are many more
similar sources of information.

The approach that I have taken with respect to our HP3000s
and the internet is to place a dual homed Linux box in
front of the HP3000 and use that to provide firewall, ssh,
and proxy services.  The setup is fairly primitive:

Internet->> GW/FW <<--->> Eth0:Linux:Eth1 <<--->> HP3000

The network connection to the gateway/firewall provides
the public routable access.  The link between the Linux
front-end host and the HP3000 is a x-over cable using a
192.168.0.0 block address.  Direct network connections to
the HP3000 NIC are physically impossible.  This ensures
physical network security over the non-encrypted portion
of the network (for SSH access).

There is a wide assortment of Linux-based firewall
appliance distributions which may simplify set up somewhat
for novice users. Alternatively, one can simply use a
mainstream distribution or derivative like RHEL/CentOS or
Debian/Ubuntu and add and configure the packages desired.

We use a CentOS-5 based host running IPTables, Squid,
OpenSSH, VSftpd, and Denyhosts as the front-end to the
HP3000.  IPTables is configured to log and drop for 7 days
all addresses performing obvious port scans. IPTables
similarly counts, logs and blocks IPs having excessive
failed connection attempts on visible ports.

Denyhosts scans the logs for other issues and really does
not add much to our setup.  However, Denyhosts can be used
to do itself everything I have chosen to do in IPTables.
Therefore one may concentrate on learning the
configuration of just Denyhosts and leave IPTables
configuration to the minimum necessary to allow access.

The proxy server handles ftp but we do not allow ftp
access to the HP3000 at all so I could not tell you if we
have that set up correctly or not.  We have it there in
case the need ever arises.

The intellectual load of dealing with these things is
non-trivial.  However, the price of freedom is eternal
vigilance.  Once the front-end is set up we run logwatch to
send daily reports on connections and consider whether
further configuration changes are necessary.

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:[log in to unmask]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
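
Added example (not part of the original message, and not the poster's IPTables configuration): a Python replay of the count-and-block policy described above, in which a source with excessive failed connection attempts is blocked and the block lapses after 7 days. The failure threshold, counting window and log format are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

BLOCK_FOR = timedelta(days=7)     # from the post: drop for 7 days
MAX_FAILURES = 3                  # assumed threshold (not stated in the post)
WINDOW = timedelta(minutes=10)    # assumed counting window (not stated in the post)

# Constructed sample events: "ISO-timestamp source-ip result"
SAMPLE_LOG = """\
2012-03-12T10:00:00 203.0.113.7 FAIL
2012-03-12T10:01:00 203.0.113.7 FAIL
2012-03-12T10:02:00 198.51.100.20 FAIL
2012-03-12T10:03:00 203.0.113.7 FAIL
2012-03-12T10:04:00 203.0.113.7 FAIL
2012-03-12T10:05:00 198.51.100.20 OK
2012-03-12T10:30:00 198.51.100.20 FAIL
2012-03-20T09:00:00 203.0.113.7 FAIL
"""

def replay(log_text):
    """Replay events in order; return [(timestamp, ip, action)] decisions."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside WINDOW
    blocked_until = {}            # ip -> time at which the block expires
    decisions = []
    for line in log_text.splitlines():
        stamp, ip, result = line.split()
        now = datetime.fromisoformat(stamp)
        # Lift a block once its 7 days have passed.
        if ip in blocked_until and now >= blocked_until[ip]:
            del blocked_until[ip]
        if ip in blocked_until:
            decisions.append((stamp, ip, "DROP"))
            continue
        if result == "FAIL":
            fails = recent[ip]
            fails.append(now)
            while fails and now - fails[0] > WINDOW:
                fails.popleft()   # forget failures older than the window
            if len(fails) >= MAX_FAILURES:
                blocked_until[ip] = now + BLOCK_FOR
                fails.clear()
                decisions.append((stamp, ip, "BLOCK"))
                continue
        decisions.append((stamp, ip, "ALLOW"))
    return decisions

if __name__ == "__main__":
    for decision in replay(SAMPLE_LOG):
        print(*decision)
```

The second source is never blocked because its failures fall outside the counting window, and the first source is admitted again on 20 March, after its block has expired.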
