HPE Community
Operating System - OpenVMS
1753436 Members
4887 Online
108794 Solutions
New Discussion юеВ

Re: VMS Login prompt disconnects after 20 seconds?

 
Wim Van den Wyngaert
Honored Contributor

тАО06-11-2007 06:58 PM

тАО06-11-2007 06:58 PM

Re: VMS Login prompt disconnects after 20 seconds?

BTW on a 400 Mhz AS 500.

CPU used by decw processes

1) holding enter : 15% cpu
2) displaying the output of dir : 95% cpu + 5% taken by the fta process.
3) idem 2 but in a remote session : 99% cpu + 1 for the fta session

I have a few alarms per years for users doing a dir/fu and going for a coffee. Or running a program displaying (a lot of) debug info.

fwiw

Wim
Wim
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО06-11-2007 07:01 PM

тАО06-11-2007 07:01 PM

Re: VMS Login prompt disconnects after 20 seconds?

Just found out that the return on username also results in intruder alarm. Every 15 returns it says "user authorization failure". And this builds up to intrusion.

Fwiw

Wim
Wim
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО06-11-2007 07:07 PM

тАО06-11-2007 07:07 PM

Re: VMS Login prompt disconnects after 20 seconds?

While trying all ways to login I found that ftp logs intruders based upon their IP address. So 1 user can block all ftp requests coming from a node. Nice.

fwiw

Wim
Wim
0 Kudos
Reply
Richard W Hunt
Valued Contributor

тАО12-07-2007 09:54 AM

тАО12-07-2007 09:54 AM

Re: VMS Login prompt disconnects after 20 seconds?

For those who say that this login timeout is not a security feature, I beg to differ.

(Only part of this post is tongue-in-cheek.)

Government directives such as Dept. of Navy's CTO 2006-04 and CTO 2006-07 mandate that a session that gets started by a remote connect source must complete the connection within a time limit or be forcibly ejected. They say it is a security issue. I, being a puny little contractor, have no chance in Hell of convincing anyone that it isn't so much of a problem.

Therefore, by direction of the US Navy, that timeout is there for your security. And because it is there, my system can comply with Navy rules.

Now, having said what I said, there is this to consider: It might or might not help security, but it IS a resource issue if you are in a network address translation environment. It is just that the resource being conserved isn't on the Alpha, it is on your NAT'ing firewall appliance. Ditto for proxy services.

Now, if this becomes a resource issue, then it IS a security issue, too, because of the concept of Denial Of Service. If I can do something that denies service to a machine - by consuming all the resources used to get to it - then there really IS a security factor to consider.

You must remember that security doesn't stop at the shell of the server's enclosure. The paths leading to it are important, too. And if you can drop the silent session, you are helping to conserve resources used to access your system.
Sr. Systems Janitor
0 Kudos
Reply
Robert Brooks_1
Honored Contributor

тАО12-07-2007 08:56 PM

тАО12-07-2007 08:56 PM

Re: VMS Login prompt disconnects after 20 seconds?

Later he called back to say he'd worked out that an operator had knocked over a TK50 cartridge onto the ENTER key of a terminal. This had resulted in the "Username:" prompt rolling over for the whole weekend.

--

Thanks for giving me another reason to dislike
TK50's :-). Then again, I'd take a TK50 any day over a TU58 . . .

Side note -- a TK50 with a TQK70 controller was not a bad combination!

-- Rob
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.