>Subject: MPE vulnerable to SYN denial-of-service attacks? > >Does anybody know if MPE is vulnerable to this kind of attack? >-- >Mark Bixby E-mail: [log in to unmask] Mark: Any TCP/IP service is vulnerable to service denial attacks, NS/VT, Telnet, you name it - on all platforms. There may be firewall software to detect "throttle" connections to this traffic and set low level TCP options to disregard the traffic. Our inetd() server on a Sun behaves this way - refuses connections after a certain rate is detected. But it can't select which ones to let through , so it denies all. I tested a simple "throttle" script that generated endless VT connections on our HP 3000 918 machine - it certainly does choke the machine and prevent any new VT connections (you don't have to log on, simply do a socket connection to the VT port. It takes a very long time for MPE to timeout the bogus connection.) The good news is that my tests haven't crashed the MPE system and the people already logged on over VT where OK. Just new requests choked until the "attacker" script was killed. If you put your HP behind a router that supports active filtering, like a CISCO router, you could "stop" an attack to your host by defining a filter right quick to deny access from the attacker's IP address point. But this could escalate into a cat and mouse game and waste everybody's time. Any other suggestions? ---------------------------------------------------------------- Eric J. Schubert Excellence In Service, Senior Analyst Univ of Notre Dame, IN USA Office of Information Technologies (219) 631-7306 http://www.nd.edu/~eschuber