Thu, 3/9, Guy Smith <[log in to unmask]> wrote:
 
>: ()  If this is done (figure out the proprietary handshake to obtain an MPE
>: prompt, like NS/open did), my testing shows that NS/vt will allow continuous
>: trial of passwords (try three passwords-drop; reconnect; try three
>: more-drop; reconnect, etc.)  Is there any way to shut down such an attack
>: without turning off NS/VT?
>
>The folks at VeSoft are using PEAIFs to intercept logon attempts in their
>Security/3000 product.  I am willing to bet that they could add this
>enhancement.
 
For what it's worth, after exhausting a re-try count, some security tools
'down' the device from which the invalid attempts originate.  In some
instances, the device is re-enabled after a prescribed time period; in
other cases it would require action on the part of the operator/system
manager.  However, during this time, the downed port is also unavailable
to others.
 
Instead of disabling the device, we've set up SAF/3000 from Monterey such
that the logon-ID itself is disabled.  This allows the port to remain in
service for others to use.  Granted, someone could continue to try various
logon-IDs, probably disabling a number of them.  But this would stick out
in the daily security reports that are reviewed, raising focus on the
situation.  The feeling among folks here was that this was no more risk than
disabling/re-enabling the device, yet it did provide a better service
factor in terms of access availability, especially with NS/VT ports.
 
--  Jerry
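The trade-off Jerry describes (down the port versus disable the logon-ID, and rely on the daily report to catch an attacker who burns through IDs) can be shown with a small model. This is an added example written for this page; it is not code from SAF/3000, Security/3000 or NS/VT, and it does not claim to reproduce how any of those products work. The retry count of three, the port name `vt01`, the logon-IDs and the report threshold are all constructed for the illustration.

```python
"""Two lockout policies for a stream of logon attempts, modelled side by side.

Constructed example, not code from SAF/3000, Security/3000 or NS/VT.
The attack stream mirrors the thread: three bad passwords, drop, reconnect,
three more, each time against a different logon-ID, all from one NS/VT port.
"""
from collections import defaultdict
from dataclasses import dataclass

MAX_TRIES = 3  # assumed retry count; matches the "three and drop" behaviour in the thread


@dataclass
class Attempt:
    port: str       # device the attempt arrives on (constructed name, e.g. "vt01")
    logon_id: str   # MPE-style USER.ACCOUNT (constructed)
    ok: bool        # whether the password was correct


class PortLockout:
    """After MAX_TRIES failures the device is 'downed': nobody can use that port
    until an operator re-enables it (the timed re-enable variant is the same
    with a clock; it is left out here)."""

    def __init__(self):
        self.failures = defaultdict(int)
        self.downed = set()

    def logon(self, a: Attempt) -> str:
        if a.port in self.downed:
            return "port-down"
        if a.ok:
            self.failures[a.port] = 0
            return "accepted"
        self.failures[a.port] += 1
        if self.failures[a.port] >= MAX_TRIES:
            self.downed.add(a.port)
            return "port-downed"
        return "rejected"

    def reenable(self, port: str) -> None:
        """Operator/system-manager action."""
        self.downed.discard(port)
        self.failures[port] = 0


class LogonIdLockout:
    """After MAX_TRIES failures the logon-ID is disabled; the port stays in
    service.  Every disable, and every later attempt on a disabled ID, is
    written to an audit list that feeds the daily report."""

    def __init__(self):
        self.failures = defaultdict(int)
        self.disabled = set()
        self.audit = []  # (port, logon_id, event) rows

    def logon(self, a: Attempt) -> str:
        if a.logon_id in self.disabled:
            self.audit.append((a.port, a.logon_id, "attempt-on-disabled"))
            return "id-disabled"
        if a.ok:
            self.failures[a.logon_id] = 0
            return "accepted"
        self.failures[a.logon_id] += 1
        if self.failures[a.logon_id] >= MAX_TRIES:
            self.disabled.add(a.logon_id)
            self.audit.append((a.port, a.logon_id, "id-disabled"))
            return "id-disabled"
        return "rejected"


def daily_report(audit, threshold: int = 2) -> dict:
    """The review step Jerry relies on: group disables by source port and flag
    any port that disabled `threshold` or more distinct logon-IDs in a day."""
    ids_per_port = defaultdict(set)
    for port, logon_id, event in audit:
        if event == "id-disabled":
            ids_per_port[port].add(logon_id)
    return {port: sorted(ids) for port, ids in ids_per_port.items()
            if len(ids) >= threshold}


def run_scenario() -> dict:
    """Attacker on vt01 cycles three IDs, MAX_TRIES guesses each, reconnecting
    between them; then a legitimate user tries the same port with a good password."""
    attack = [Attempt("vt01", uid, False)
              for uid in ("MGR.PAYROLL", "MGR.SYS", "OPERATOR.SYS")
              for _ in range(MAX_TRIES)]
    legit = Attempt("vt01", "CLERK.PAYROLL", True)

    port_policy = PortLockout()
    port_results = [port_policy.logon(a) for a in attack]
    port_legit = port_policy.logon(legit)

    id_policy = LogonIdLockout()
    id_results = [id_policy.logon(a) for a in attack]
    id_legit = id_policy.logon(legit)

    return {
        "port_policy": {"attack": port_results, "legit_user": port_legit},
        "id_policy": {"attack": id_results, "legit_user": id_legit,
                      "report": daily_report(id_policy.audit)},
    }


if __name__ == "__main__":
    import pprint
    pprint.pprint(run_scenario())
```

Under the port policy the attacker's first three failures take `vt01` down and the legitimate `CLERK.PAYROLL` is refused along with everyone else. Under the logon-ID policy the port never closes: the clerk gets in, but the attacker has disabled three IDs, and that is exactly what the report flags, because three distinct IDs disabled from one port in a day is the signature of someone walking a list of logons rather than a user mistyping a password.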