- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: expiration time of INTRUDER
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-05-2005 11:49 PM
тАО09-05-2005 11:49 PM
Re: expiration time of INTRUDER
John said:
"Each time a new suspect event occurs, the expiration time for that source is incremented by a random time period (between 0.5 and 1.5 times LGI_BRK_TMO). "
it's talking about the SUSPECT and LGI_BRK_TMO.
here, my data is all about INTRUDER and HID_TIM, different scope :)
what's your idea about it?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-06-2005 12:55 AM
тАО09-06-2005 12:55 AM
Re: expiration time of INTRUDER
Presumably the intruder timings are added to the suspect timings and therefore the suspect timer randomness applies to the intruder as well? For there to be randomness for suspects but not for intruders would seem illogical.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-06-2005 01:06 AM
тАО09-06-2005 01:06 AM
Re: expiration time of INTRUDER
after my several testing, the SUSPECT timer has no randomness problem. it stictly increases the LGI_BRK_TMO(30 mins) per trial
SUSPECT 1 16:30:34
SUSPECT 2 17:00:36
SUSPECT 3 17:30:40
i only find the randomness on INTRUDER...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-06-2005 10:18 PM
тАО09-06-2005 10:18 PM
Re: expiration time of INTRUDER
I did a test generating an intruder in a script.
For suspect it works as described but for intruder ? After 50 intrusions the penalty is still only 1 minute.
John : what do you exactly mean with sliding window ?
Why ?
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-06-2005 10:31 PM
тАО09-06-2005 10:31 PM
Re: expiration time of INTRUDER
But the 60 seconds seem to be randomized with a value between 1 and 6 seconds (or is it 10% ?), not 0.5 and 1.5.
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-06-2005 10:33 PM
тАО09-06-2005 10:33 PM
Re: expiration time of INTRUDER
you got the same question i want to ask~
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-06-2005 10:55 PM
тАО09-06-2005 10:55 PM
SolutionBut it never is negative. So, Davor, in your test it should be between 30 and 33 minutes.
I guess there is some delay between your show time and the intruding time that decreased.
Wim
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-07-2005 12:51 AM
тАО09-07-2005 12:51 AM
Re: expiration time of INTRUDER
but i can do further testing tomorrow and give you the result in time :)
thank you for your reply to clarify my question.
i appreciate that:)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-07-2005 01:34 PM
тАО09-07-2005 01:34 PM
Re: expiration time of INTRUDER
Good, I'm glad you find it difficult to predict the expiration time, that it the INTENTION of the algorithm.
All you need to know is higher values of LGI_BRK_TMO and LGI_HID_TIM will cause the expiration time to be longer, and lower values shorter. The exact result is deliberately chaotic and subject to change.
Why? So that even folk who know what's happening cannot predict in advance when they can start trying again.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО09-07-2005 01:37 PM
тАО09-07-2005 01:37 PM
Re: expiration time of INTRUDER
thanks all!
i will do some further investigation on Oct.
this month i will work on SLS
sincerely thanks to your reply~ :)