Why access to the servers is denied?

rainbow_bean · February 1, 2011, 12:32pm

There is one aix server, IP is 152.240.28.14, the user IP is 152.240.88.64, The user is able to get access briefly then all access is denied from the whole subnet 152.240.88.0. a short while later access is granted and the same thing happens all over again.

  The customer is able to ping the gateway of the servers no problem while the access to the servers is denied.

what's the problem from aix side?

zxmaus · February 1, 2011, 2:47pm

what do you exactly mean with get access briefly. This looks like AIX is detecting intrusion and is preventing all access from the corresponding subnet

What AIX version are you on ?

Regards
zxmaus

rainbow_bean · February 1, 2011, 3:19pm

AIX is V5.2.

but only that IP get denied. Other IPs are ok to connect with server.
get access briefly means can login a few minutes then be kicked off

zxmaus · February 1, 2011, 7:47pm

Is this only happening to one particular user or for all users logging in to this particular host?

This sounds to me like some weird timeout setting on the router/switch or -as said before - some misguided intrusion detection or user profile setting. I would understand the behaviour if your user could not login at all but this way ... hmmm. Is your user kicked out after some inactivity or while he is actively working on the host ?

Regards
zxmaus

aix-guy · February 2, 2011, 9:11pm

ok out of curiosity anything in errpt?

manifestox · February 3, 2011, 11:38am

Good Morning,

When you mentioned access is denied for a shortwhile, did you ask to see if the user can login through a different subnet and verified they were able to login?

Did they type in the password incorrectly, or use some form of LDAP authentication?

Do you have ipfilters installed for AIX, that might activate when it senses too many connections?

rainbow_bean · February 3, 2011, 1:04pm

if ping the gateway of the servers no problem while the access to the servers is denied. what's the problem? other IPs don't have this problem.

manifestox · February 3, 2011, 2:15pm

What type of access denied problems to they get, for instance:

1) Do they attempt to connect through ssh and then it just times out and then just exists out.
2) Or if they perform a ssh connection, do they get a password prompt and then they cant login even when they type it in correctly?

Your responses are a bit vague and i wish you can clarify.
BTW you didnt really answer my question earlier.

When the user encounters this problem, do you have that same user log in though a different IP address?

Thanks.