netpass-users

[Netpass-users] looping through NetPass

[Julian Y. K. <ko...@no...>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In the past, the main problem with people looping through the NetPass
registration process (ie, after the Nessus scan is complete and passed, the
user goes back to the initial Login page) was either not accepting cookies
and/or bad date/time outside the cookie validity range.

However, this year we're still seeing a fair number of people with this
problem.  The cause for some of them appears to be misconfiguration in some
cases, in that if their switch isn't properly entered into the NetPass VLAN
map, the port never gets flipped to the UNQUAR VLAN.

I wonder now if perhaps toolbars and other things that are constantly trying
to update information via HTTP are causing NetPass to get confused by having
a large number of sessions open, perhaps even overflowing the total number of
sessions that NetPass/Apache can handle and thus putting some people back
into the LOGIN phase.

Does that sound like a reasonable hypothesis at all?


-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2425)
Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

iQA/AwUBQytHYw5UB5zJHgFjEQIG0ACgglXXxRemtcpHPmvQLF1jsVjSPAQAoNpq
sHRL0nLUOJx5HjxAmmrYg8kq
=J7nN
-----END PGP SIGNATURE-----

-- 
Julian Y. Koh                         <mailto:ko...@no...>
Network Engineer                                   <phone:847-467-5780>
Telecommunications and Network Services         Northwestern University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/pgppubkey.html>

Re: [Netpass-users] looping through NetPass

[jeff m. <jcm...@os...>]

On Fri, 2005-09-16 at 17:29 -0500, Julian Y. Koh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----

> I wonder now if perhaps toolbars and other things that are constantly trying
> to update information via HTTP are causing NetPass to get confused by having
> a large number of sessions open, perhaps even overflowing the total number of
> sessions that NetPass/Apache can handle and thus putting some people back
> into the LOGIN phase.


that could possibly be true. we periodically report on top-URLs and
instruct mod_rewrite to deny those. attached is the current list that we
filter. we generate this list by doing a simple awk/sort/uniq on
access_log and looking for urls that are obviously coming from automated
apps.

the sessions, even though there are many of them, are mostly short-
lived. so unless you see many hundreds of httpd processes running,
that's probably not what's happening. 

have you put the latest netpass code in place along with disabling
cookies per the instructions i sent out a week or two ago? that should
resolve any toolbar related looping issues (which we saw here at UB as
well).

jeff