HPE Community
Operating System - OpenVMS
1752805 Members
5364 Online
108789 Solutions
New Discussion юеВ

Re: expiration time of INTRUDER

 
SOLVED
Go to solution
Davor_7
Regular Advisor

тАО09-05-2005 11:49 PM

тАО09-05-2005 11:49 PM

Re: expiration time of INTRUDER

nope~ Miller, i donot think so
John said:
"Each time a new suspect event occurs, the expiration time for that source is incremented by a random time period (between 0.5 and 1.5 times LGI_BRK_TMO). "
it's talking about the SUSPECT and LGI_BRK_TMO.
here, my data is all about INTRUDER and HID_TIM, different scope :)

what's your idea about it?
0 Kudos
Peter Barkas
Regular Advisor

тАО09-06-2005 12:55 AM

тАО09-06-2005 12:55 AM

Re: expiration time of INTRUDER

John G's explanation works for me.

Presumably the intruder timings are added to the suspect timings and therefore the suspect timer randomness applies to the intruder as well? For there to be randomness for suspects but not for intruders would seem illogical.
0 Kudos
Davor_7
Regular Advisor

тАО09-06-2005 01:06 AM

тАО09-06-2005 01:06 AM

Re: expiration time of INTRUDER

but Peter
after my several testing, the SUSPECT timer has no randomness problem. it stictly increases the LGI_BRK_TMO(30 mins) per trial
SUSPECT 1 16:30:34
SUSPECT 2 17:00:36
SUSPECT 3 17:30:40

i only find the randomness on INTRUDER...
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО09-06-2005 10:18 PM

тАО09-06-2005 10:18 PM

Re: expiration time of INTRUDER

Don't understand it either.

I did a test generating an intruder in a script.

For suspect it works as described but for intruder ? After 50 intrusions the penalty is still only 1 minute.

John : what do you exactly mean with sliding window ?

Why ?

Wim
Wim
0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО09-06-2005 10:31 PM

тАО09-06-2005 10:31 PM

Re: expiration time of INTRUDER

Oeps. The intervals are not added. After each login failure 60 seconds are re-applied.

But the 60 seconds seem to be randomized with a value between 1 and 6 seconds (or is it 10% ?), not 0.5 and 1.5.

Wim
Wim
0 Kudos
Davor_7
Regular Advisor

тАО09-06-2005 10:33 PM

тАО09-06-2005 10:33 PM

Re: expiration time of INTRUDER

Yes Wyngaert!
you got the same question i want to ask~

0 Kudos
Wim Van den Wyngaert
Honored Contributor

тАО09-06-2005 10:55 PM

тАО09-06-2005 10:55 PM

Solution

Re: expiration time of INTRUDER

It sure seems to be 10%, I tested with other lgi_hid_tim values.

But it never is negative. So, Davor, in your test it should be between 30 and 33 minutes.
I guess there is some delay between your show time and the intruding time that decreased.

Wim
Wim
0 Kudos
Davor_7
Regular Advisor

тАО09-07-2005 12:51 AM

тАО09-07-2005 12:51 AM

Re: expiration time of INTRUDER

oh~ i'm not so sure about it
but i can do further testing tomorrow and give you the result in time :)

thank you for your reply to clarify my question.
i appreciate that:)
0 Kudos
John Gillings
Honored Contributor

тАО09-07-2005 01:34 PM

тАО09-07-2005 01:34 PM

Re: expiration time of INTRUDER

Davor, Wim,

Good, I'm glad you find it difficult to predict the expiration time, that it the INTENTION of the algorithm.

All you need to know is higher values of LGI_BRK_TMO and LGI_HID_TIM will cause the expiration time to be longer, and lower values shorter. The exact result is deliberately chaotic and subject to change.

Why? So that even folk who know what's happening cannot predict in advance when they can start trying again.
A crucible of informative mistakes
0 Kudos
Davor_7
Regular Advisor

тАО09-07-2005 01:37 PM

тАО09-07-2005 01:37 PM

Re: expiration time of INTRUDER

thanks John~!
thanks all!

i will do some further investigation on Oct.
this month i will work on SLS

sincerely thanks to your reply~ :)
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.