Thu, 3/9, Guy Smith wrote:
>: () If this is done (figure out the proprietary handshake to obtain an MPE
>: prompt, like NS/open did), my testing shows that NS/vt will allow continuous
>: trial of passwords (try three passwords-drop; reconnect; try three
>: more-drop; reconnect, etc.) Is there any way to shut down such an attack
>: without turning off NS/VT?
>
>The folks at VeSoft are using PEAIFs to intercept logon attempts in their
>Security/3000 product. I am willing to bet that they could add this
>enhancement.

For what it's worth, after exhausting a re-try count, some security tools 'down' the device from where the invalid attempts originate. In some instances, the device is re-enabled after a prescribed time period; in other cases it would require action on the part of the operator/system manager. However, during this time, the downed port is also unavailable to others.

Instead of disabling the device, we've set up SAF/3000 from Monterey such that the logon-ID itself is disabled. This allows the port to remain in service for others to use. Granted, someone could continue to try various logon-IDs, probably disabling a number of them. But this would stick out in the daily security reports that are reviewed, raising focus on the situation. The feeling among folks here was this was no more risk than disabling/re-enabling the device, yet it did provide a better service factor in terms of access availability, especially with NS/VT ports.

-- Jerry
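
The per-logon-ID lockout and daily report described in the reply above, sketched as an added example; it is not part of the original message and does not show how SAF/3000 or Security/3000 is implemented. The retry limit, report threshold, port numbers and logon-IDs are constructed assumptions.

```python
from collections import defaultdict

RETRY_LIMIT = 3        # assumed: failures allowed before the logon-ID is disabled
REPORT_THRESHOLD = 2   # assumed: disabled IDs from one port worth flagging

def process(events):
    """Apply per-logon-ID lockout to (port, logon_id, password_ok) events.

    Returns (outcomes, disabled_by_port): one outcome string per event, and
    a map of port -> logon-IDs disabled by failures arriving on that port.
    """
    failures = defaultdict(int)          # consecutive failures per logon-ID
    disabled = set()
    disabled_by_port = defaultdict(list)
    outcomes = []
    for port, logon_id, password_ok in events:
        if logon_id in disabled:
            # A disabled ID is refused even with the right password, so
            # reconnecting and guessing again gains nothing.
            outcomes.append("refused")
        elif password_ok:
            failures[logon_id] = 0
            outcomes.append("logon")
        else:
            failures[logon_id] += 1
            if failures[logon_id] >= RETRY_LIMIT:
                disabled.add(logon_id)
                disabled_by_port[port].append(logon_id)
                outcomes.append("disabled")
            else:
                outcomes.append("failed")
    return outcomes, dict(disabled_by_port)

def daily_report(disabled_by_port):
    """Ports from which several logon-IDs were disabled, for operator review."""
    return sorted(p for p, ids in disabled_by_port.items()
                  if len(ids) >= REPORT_THRESHOLD)

# Constructed sample: failures against two IDs arrive on port 41 across
# reconnects, while another user logs on through the same port.
EVENTS = (
    [(41, "MGR.PAYROLL", False)] * 3
    + [(41, "CLERK.SALES", True)]
    + [(41, "OPERATOR.SYS", False)] * 3
    + [(41, "MGR.PAYROLL", True)]
    + [(52, "USER.DEV", False), (52, "USER.DEV", True)]
)

if __name__ == "__main__":
    outcomes, by_port = process(EVENTS)
    print(outcomes)
    print("review:", daily_report(by_port))
```

The port stays usable throughout (CLERK.SALES logs on between the two lockouts), and the report surfaces port 41 because more than one logon-ID was disabled from it.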