Maximo Open Forum

  • 1.  Maximo 7.6.1.2 Denial of Service attack

    Posted 03-18-2024 14:04

    Hello community,

    I am attempting to test the Denial of Service attack prevention feature in Maximo 7.6.1.2. Our current Maximo user authentication is LDAP (MS AD) based.

    I have adjusted the Denial of Service attack settings in mxe.sec.IPblock.sec and generated multiple login attempts with correct user credentials but incorrect passwords, exceeding the threshold specified in mxe.sec.IPblock.num. However, no action was observed, and there was no entry in the loginblock table.

    I would greatly appreciate any assistance or insights.

    Chavdar


    #EverythingMaximo
    #Integrations

    ------------------------------
    Chavdar Cholev
    Home
    ------------------------------


  • 2.  RE: Maximo 7.6.1.2 Denial of Service attack

    Posted 03-19-2024 09:04

    Hi,

    What is the cadence of failed logins?

    I have tested it with JMeter and simulated 200 logins in under 30 seconds.



    ------------------------------
    Helio Reis
    Mitie
    ------------------------------



  • 3.  RE: Maximo 7.6.1.2 Denial of Service attack

    Posted 03-19-2024 10:21

    Hi Helio ,

    Thank you for your answer. It is ~170 logins in about 30 sec.

    Could you please share some information/docs/links on how JMeter can be used to simulate login attempts?

    Thank you!

    Chavdar



    ------------------------------
    Chavdar Cholev
    Home
    ------------------------------



  • 4.  RE: Maximo 7.6.1.2 Denial of Service attack

    Posted 03-19-2024 09:31

    I haven't looked at the LDAP specific setup but I am not sure that Maximo would be blocking the requests.

    The MS AD server would be responsible for the authentication and managing the passwords, so I would expect the AD server to be recording the failed login attempts.

    I would expect Maximo to only have to log / handle requests when the user has been successfully authenticated.

    The IHS access.log entries should show the login attempts with an HTTP status code probably in the 400-599 range, and probably between 400-499.

    That would be logical because the request would be passed to the IHS before it is given to the JVM. The JVM would then initiate the LDAP authentication process, and the resulting failure should generate a failed request which would be visible in the access.log.



    ------------------------------
    mark robbins
    Cohesive
    IBM Champion 2017-2023 Inclusive
    See my blog on Maximo support related topics here:
    https://www.linkedin.com/pulse/maximo-support-advice-from-non-ibm-engineer-article-mark-robbins/
    ------------------------------



  • 5.  RE: Maximo 7.6.1.2 Denial of Service attack

    Posted 03-19-2024 10:26

    Hi Mark,

    I have a case where a host was blocked and there was an entry in the loginblock table. So I am trying to simulate this in a test environment.
    The user was not locked in AD. I am testing one more case... what will happen if the user is defined in Maximo but not in MS AD? My understanding is that this host should be blocked as well.

    One more case came to my mind.... will the same security mechanism apply if a user tries to access Maximo with a wrong API key?

    Thank you Mark & have a great day ahead!

    Chavdar  



    ------------------------------
    Chavdar Cholev
    Home
    ------------------------------



  • 6.  RE: Maximo 7.6.1.2 Denial of Service attack

    Posted 03-19-2024 12:04

    You mentioned that the host was blocked. Have you confirmed that the X-FORWARDED-FOR header is being set correctly?

    If it is not set correctly, then multiple requests from different client PCs could lead to a single IP address being blocked.

    I discuss this scenario in this blog article:

    http://www.linkedin.com/pulse/maximos-login-tracking-feature-what-implications-enabling-robbins



    ------------------------------
    mark robbins
    Cohesive
    IBM Champion 2017-2023 Inclusive
    See my blog on Maximo support related topics here:
    https://www.linkedin.com/pulse/maximo-support-advice-from-non-ibm-engineer-article-mark-robbins/
    ------------------------------
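The two points Mark raises in posts 4 and 6, that failed login attempts are visible in the IHS access.log, and that the X-Forwarded-For header decides which address a per-IP block lands on, can be checked together by replaying an access.log excerpt through the same sliding-window rule. The script below is an added example, not code from this thread or from IBM Maximo. The log lines are constructed, the log layout (combined format with X-Forwarded-For appended as the last quoted field), the login path `/maximo/j_security_check` and the exact threshold comparison are assumptions, and `threshold` / `window_seconds` stand in for `mxe.sec.IPblock.num` / `mxe.sec.IPblock.sec`.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample access.log excerpt (not real IHS output). Layout: combined
# format with the X-Forwarded-For value as the last quoted field; "-" means the
# header was absent. All requests arrive through one proxy at 10.0.0.5.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Mar/2024:09:00:01 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.10"
10.0.0.5 - - [19/Mar/2024:09:00:04 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.11"
10.0.0.5 - - [19/Mar/2024:09:00:06 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.10"
10.0.0.5 - - [19/Mar/2024:09:00:09 +0000] "POST /maximo/j_security_check HTTP/1.1" 302 0 "192.168.1.12"
10.0.0.5 - - [19/Mar/2024:09:00:11 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.10"
10.0.0.5 - - [19/Mar/2024:09:00:15 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.11"
10.0.0.5 - - [19/Mar/2024:09:00:17 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.10"
10.0.0.5 - - [19/Mar/2024:09:00:20 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.10"
10.0.0.5 - - [19/Mar/2024:09:00:25 +0000] "GET /maximo/ui/login HTTP/1.1" 200 5120 "192.168.1.10"
10.0.0.5 - - [19/Mar/2024:09:00:28 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "-"
10.0.0.5 - - [19/Mar/2024:09:00:30 +0000] "POST /maximo/j_security_check HTTP/1.1" 401 0 "192.168.1.10"
"""

LOGIN_PATH = "/maximo/j_security_check"  # assumed login endpoint for this example

LINE_RE = re.compile(
    r'^(?P<remote>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<xff>[^"]*)"$'
)


def parse_access_log(text):
    """Parse log text into a list of dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append({
            "remote": m.group("remote"),
            "time": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
            "path": m.group("path"),
            "status": int(m.group("status")),
            "xff": m.group("xff"),
        })
    return entries


def client_ip(entry, trust_xff):
    """Address the block rule keys on. With trust_xff the first X-Forwarded-For
    hop is used; without it, or when the header is missing ("-"), every request
    collapses onto the proxy's own address, which is how many client PCs can end
    up blocked as one IP."""
    if trust_xff and entry["xff"] not in ("", "-"):
        return entry["xff"].split(",")[0].strip()
    return entry["remote"]


def is_failed_login(entry):
    # A 4xx on the login path is treated as a failed attempt (assumed criterion).
    return entry["path"] == LOGIN_PATH and 400 <= entry["status"] < 500


def find_blocked(entries, threshold, window_seconds, trust_xff=True):
    """Return {ip: time_first_blocked} for each address whose failed logins reach
    `threshold` inside a sliding window of `window_seconds`. These play the roles
    of mxe.sec.IPblock.num and mxe.sec.IPblock.sec; the >= comparison is assumed."""
    recent = defaultdict(deque)
    blocked = {}
    for e in sorted(entries, key=lambda x: x["time"]):
        if not is_failed_login(e):
            continue
        ip = client_ip(e, trust_xff)
        q = recent[ip]
        q.append(e["time"])
        # Drop attempts that fell out of the window.
        while (e["time"] - q[0]).total_seconds() >= window_seconds:
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = e["time"]
    return blocked


if __name__ == "__main__":
    entries = parse_access_log(SAMPLE_LOG)
    print("keyed on X-Forwarded-For:", find_blocked(entries, 5, 30, trust_xff=True))
    print("keyed on remote address: ", find_blocked(entries, 5, 30, trust_xff=False))
```

With the header honoured, only 192.168.1.10 crosses five failures in 30 seconds; with it ignored, every attempt is attributed to the proxy at 10.0.0.5, which is blocked after the fifth failure regardless of which client sent it. Running the same rule over a real access.log excerpt is a quick way to check whether the loginblock entry you saw names a client or a proxy.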