Re: Intrusion attempts

From: Syltrem (syltremzulu_at_videotron.ca)
Date: 02/04/05 

Date: Fri, 4 Feb 2005 15:47:23 -0500

"Peter Weaver" <WeaverConsultingServices@sympatico.ca> a écrit dans le
message de news:36htg0F52uqiaU1@individual.net...
> so ANA/AUD/EV=LOGFAIL is what you need rather than /EV=BREAKIN.
>
> On the system I just tried (VAX/VMS 7.1) LGI_BRK_LIM is 5, so my 6th try
> showed up in the audit record as a breakin attempt with both the
> username and password showing. I do not have Auditing turned on for
> local login failures, but if I did the 1st to 5th attempts should have
> shown up with no password.
>

Yes Peter, that should have been /EVENT=LOGFAIL, not BREAKIN

But I still don't see the attempted username until I reach breaking limit.

My problem is that I have users who are preventing people in the whole shop
to log in, by locking up the IP port (source) from where all users of
handheld devices are logging in.
I thought that if I had the username information they are using, maybe (just
maybe) I would have an idea if they do that by mistake or by intent.
Right now I unlock (delete/intrusion) the port at interval. I don't like
that but I can't have everyone in there locked up when they change shifts
and try to log in. 

-- 
Syltrem
OpenVMS 7.3-1 + Oracle 8.1.7.4
http://pages.infinit.net/syltrem (OpenVMS related web site, en français)
---zulu is not in my email address---
> -- 
> Peter Weaver
> Weaver Consulting Services Inc.
> Canadian VAR for CHARON-VAX
> www.weaverconsulting.ca
>
>