× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2001

RE: QIBM_QTG_DEVINIT - Telnet Device Initialization Exit Program

Ian:

On Thu, 20 September 2001, Ian Scotson wrote:

> 1. The sample exit progs ive seen for Telnet seem to use
> IP addressing as their main method of determining
> who to allow/disallow in. Any other considerations
> in particular? ( its not like FTP where the obvious ones
> also include Directorys and commands..)

Telnet clients come in two basic flavors, standard and enhanced; for 5250 
telnet, that basically means TN5250 and TN5250E. A major difference is that 
enhanced clients can send a user ID/password when requesting a session rather 
than requiring a signon panel be displayed. Example exit programs focus on 
standard clients.

Not needing a signon screen (bypass signon) means not sending the user ID and 
password across as part of the telnet session data. However, the programming is 
more complex for handling the user ID/password. Done improperly, it can leave 
your system wide open.

> 2. What determines its Telnet? I understand that some
> clever people can use non std ports to attach to machines
> via telnet/FTP. eg: telnet to port 110 (pop3) on an NT box.
> Is that relavent here? What is it that actually kicks off
> the exit program - the port or the telnet server?

Although a telnet client can be used to talk directly to many TCP/IP 
applications such as SMTP and POP, the exit program is triggered by the telnet 
server. There's generally no reason to invoke a telnet exit program for any 
other server. It doesn't matter if the POP server is talking to a POP client or 
a telnet client. It's the commands being sent across that matter.

> 3. Ran some IP tools against our IP devices to test general security,
> eg: Cisco rtr, AS/400.
> Came up with a comment about "TCP Sequence Prediction:"
> Cisco came up with truly Random - tough nut.
> AS/400 came up with xxxxx - a joke!
>
> What is this, what does it mean, and can we do anything about it?

I'm not good enough to describe this well, but it's a partial indication 
whether a TCP/IP conversation can hijacked. It may or may not make any 
difference depending on what protections you have in place. If you have a 
strong firewall, use secure communications, etc., that's where the protection 
should be. Sequence prediction was one of the flaws in TCP/IP that led to those 
proterctions being developed. Follow good practices and problems are extremely 
unlikely. (Maybe use Cisco routers <g>.)

Tom Liotta

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788
Fax  253-872-7904
http://www.400Security.com


___________________________________________________
The ALL NEW CS2000 from CompuServe
 Better!  Faster! More Powerful!
 250 FREE hours! Sign-on Now!
 http://www.compuserve.com/trycsrv/cs2000/webmail/

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.