HP3000-L Archives

December 1998, Week 1

HP3000-L@RAVEN.UTC.EDU

From: Lee Gunter <[log in to unmask]>
Reply To: Lee Gunter <[log in to unmask]>
Date: Thu, 3 Dec 1998 09:05:56 -0800

I think Wirt has a well-reasoned proposal, overall.  The only modification
I can think of is to allow the aging parameter for purging rejected
addresses to be configurable by the system manager.  24 hours may be
adequate in most cases, but this is rather arbitrary and should be left to
each site to determine what's in its best interests.

Lee Gunter






Stan writes:

> Ah...you're not talking about what MPE *is*, but what it *could be*.

Yes. But there's certainly no sin in that. And the changes necessary to MPE
are surprisingly small, particularly so considering the benefits that would
be derived.


>  > If a particular remote IP address accrues 25 (or 50 or 100) failed logon
>  > attempts in 1 (or 4 or 6 or 24) hours, that remote IP address could then
>  > be written into a file of non-accepted IP addresses. This file would
>  > essentially be the antithesis of INETDSEC.NET.SYS. Rather than
>  > specify the list of
>
>  Good idea!  I wouldn't put a time limit on it ... if the IP address fails
>  10 times in a row, bar that IP address.

Based on Stan's and Chris's comments, let me propose a modified algorithm
for the IP reject file:

<snip>

   o once a day, perhaps at midnight, have MPE automatically review the
     reject file and purge all IP addresses that are more than 24 hours old.
     The expectation would then thus be, for almost all circumstances and
     times, that the reject file would be empty; after all, most HP3000s are
     rarely under attack. Should an attack occur, it tends to be a transient
     phenomenon.

<massive cut>
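
The reject-file logic discussed in this message, modelled in Python as an added example (it is not code from the post or from MPE): failed logons are counted per remote IP over a time window, an address that reaches the threshold is barred, and the daily review purges entries older than an aging value the system manager can set. The class, method and parameter names are hypothetical, the defaults are the figures floated in the thread, and the sample addresses are constructed.

```python
from collections import defaultdict, deque


class RejectList:
    """In-memory model of the proposed IP reject file (hypothetical names)."""

    def __init__(self, max_failures=25, window_secs=3600, max_age_secs=24 * 3600):
        self.max_failures = max_failures      # failed logons tolerated per window
        self.window_secs = window_secs        # period the failures are counted over
        self.max_age_secs = max_age_secs      # site-configurable aging for the purge
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.rejected = {}                    # ip -> time the address was barred

    def record_failure(self, ip, now):
        """Count one failed logon; return True if the address is (now) barred."""
        if ip in self.rejected:
            return True
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] > self.window_secs:   # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.rejected[ip] = now
            del self._failures[ip]
            return True
        return False

    def is_rejected(self, ip):
        return ip in self.rejected

    def purge(self, now):
        """Daily review: drop entries older than max_age_secs and return them."""
        expired = sorted(ip for ip, barred_at in self.rejected.items()
                         if now - barred_at > self.max_age_secs)
        for ip in expired:
            del self.rejected[ip]
        return expired


if __name__ == "__main__":
    # Constructed run: a site that keeps rejects for 48 hours instead of 24.
    rl = RejectList(max_failures=25, window_secs=3600, max_age_secs=48 * 3600)
    for second in range(25):
        rl.record_failure("192.0.2.10", second)
    print(rl.is_rejected("192.0.2.10"))     # barred after the 25th failure
    print(rl.purge(25 * 3600))              # next day's review: still inside 48 hours
    print(rl.purge(49 * 3600))              # later review: entry has aged out
```
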
