RE: FTP with server down -- MIDRANGE-L

Christ (scuse the language) I'm ready to kill someone. I attempted to use the 
command as shown below, that is
NETSTST *CNN
and it came back with Procedure or command not found.
As I'm just a lowly programmer, I was thinking that I was'nt authorized to this 
command, so I called our Information Security guys (they have an equivalent of 
QSECOFR) for them to try this command. While I was on hold I realized that the 
command should in fact be
NETSTAT *CNN instead (talk about not thinking clearly.)
Anyway, while I was still on hold I tried the correct command and it showed 
nothin unusual for port 21(thank God).
At this time the Info Sec guy came on the phone. I explained that he was'nt 
wanted, thanked him anyway, and was about to hang up. He then asked me why I 
kept ending HIS FTP server.
Talk about pregnant pause with alarm bells.
To try and cut an already long story short, he has been testing the FTP 
procedures this past couple of weeks, even though I was told that they could 
not reach them til late September. It seems that each time that I had ended the 
FTP sever, (while he was testing) he has immediately started it again.
I explained what I was trying to prove (or disprove). His remark was, that he 
had already tested that when the FTP server is NOT running, you CANNOT ftp from 
another platform.
So thanks to everyone, my apologies for creating more work for everyone 
concerned.



>>> Chris Bipes <chris.bipes@cross-check.com> 09/14/01 12:18PM >>>
Alan,

Use the command NETSTST *CNN on your AS400 and see what is listening on port
21, the ftp port.  If your FTP server are truly ended, and staying ended.
If something is listening on this port, well someone has hacked your system.

Christopher K. Bipes      mailto:ChrisB@Cross-Check.com
Operations & Network Mgr  mailto:Chris_Bipes@Yahoo.com
CrossCheck, Inc.                  http://www.cross-check.com
6119 State Farm Drive     Phone: 707 586-0551 x 1102
Rohnert Park CA  94928    Fax: 707 586-1884

-----Original Message-----
From: alan shore [mailto:SHOREA@dime.com]
Sent: Friday, September 14, 2001 9:01 AM
To: midrange-l@midrange.com
Subject: RE: FTP with server down


Just to make sure I'm not going nuts (my wife and daughter would argue that
point) I just tried it again. Submitted the command ENDTCPSVR  SERVER(*FTP),
and verified that there was/were no FTP servers active. Tried to FTP from
MS-DOS. Lo and behold connection.
As I'm fairly new to FTP on the AS/400 I assumed this was normal. Because of
the replies on this particular thread, this needs to be investigated.
I will let you know of any discoveries.
Thanks all.

>>> "Dave George (400times)" <editor@400times.co.uk> 09/14/01 11:51AM >>>
Connection refused without the FTP server started on my v4r5 box.
Sure beats conventional wisdom!


-----Original Message-----
From: midrange-l-admin@midrange.com
[mailto:midrange-l-admin@midrange.com]On Behalf Of Steve McKay
Sent: 14 September 2001 16:39
To: midrange-l@midrange.com
Subject: Re: FTP with server down



"alan shore" <SHOREA@dime.com> wrote:

"Using the command (ENDTCPSVR  SERVER(*FTP)) to ensure that no FTP server
was
running, I was able to FTP from MS DOS to the AS/400 using my AS/400 user
 profile and password. If I am NOT authorized to our FTP authorization list
, I will be denied. (EXIT programs having been installed and implemented) .
 If I AM authorized to our FTP authorization list, I can proceed, with what
 I am authorized to do, with the regular AS/400 security AND whatever
security
has been applied via the exit programs."

If this is correct, then I would think that it would be a HUGE security
hole.  It is my understanding that, if the FTP server is not running, there
is nothing 'at the other end' to even present you with a user ID/password
challenge and you get a "Connection refused" message.  I am still unable to
cause the described behavior on my V4R5 system.  Is it possible that this
occurred via the Trivial FTP server?

Curious-er,

Steve

_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.