On Sat, Nov 13, 1999 at 07:30:07PM +0100, Herbert Groot Jebbink wrote:
> Hello,
>
> When I start tn5250 I get the next error.
>
> Could not negotiate session -> 5
>
> Mocha TN5250 for Win32 works fine for the same host,
> so I think it is not a server error.

It's an error message returned by the 400 - that message doesn't even exist in the 5250 emulator. I'm suspecting that your 400 is set to require some optional emulator feature which we haven't implemented. On the other hand, tn5250 0.13.12 works fine, so that doesn't make sense. And 0.14.0 works fine for me as well.

Okay, make sure all previous versions of the emulator are eradicated from your hard drive, remove your source and re-download it, and build it clean from scratch. Try again. If it *still* doesn't work, post more information about what distribution/OS/method of networking used to connect/from where and anything that might be out of the ordinary. Optionally, you can send me a tracefile (see my security complaint below however).

>
> The host IP is 194.109.102.115

Eeeww, it's not behind a firewall? I wouldn't do that. Password security isn't good security, no matter how it's set up. In addition, if you can connect unencrypted via the Internet, users are transmitting their passwords in the clear. If I were you I would (at least) immediately require the AS/400 reject unencrypted (non-SSL) connections.

If I were hired as a consultant to implement Internet connectivity to the Internet (which I have been), I would recommend a firewall which must authenticate the users somehow before they can get to the AS/400; indeed, if that recommendation were refused, I would probably require in writing that my consulting agency would not be liable for damages done by a hacker.

My personal preference is to use a Linux firewall with nothing running but SSH and/or PoPToP, and require 'nix users to use RSA authentication with SSH and SSH port forwarding to get to the 400, and Windows users can use the built-in Virtual Private Networking Adapter to get to the local network.

In any case, given how the 5250 protocol is designed, the AS/400 being susceptible to a buffer overflow attack is very possible given all the different structures expected to be different sizes in the 5250 data stream. It's a much more complicated protocol than plain telnet, and therefore much more likely to have weaknesses.

You are probably the fourth or fifth person I've heard of who is doing this, so I'm beginning to think there is real cause for concern.

-Jay 'Eraserhead' Felice

>
> Host: OS/400 4.4
> Client: Linux 2.2.10, tn5250 0.14.0
>
> Greetings, Herbert

+---
| This is the LINUX5250 Mailing List!
| To submit a new message, send your mail to LINUX5250@midrange.com.
| To subscribe to this list send email to LINUX5250-SUB@midrange.com.
| To unsubscribe from this list send email to LINUX5250-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---
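The SSH side of the firewall arrangement described in the reply above, written out as an added example that is not part of the original message or of the tn5250 project. It assumes a current OpenSSH server on the firewall host; the hostnames, the group name `tn5250users`, the local port 2323 and the use of telnet port 23 on the AS/400 are placeholders or assumptions.

```conf
# /etc/ssh/sshd_config on the firewall host (added example, OpenSSH assumed).
# All hostnames, the group name and the ports are placeholders.
#
# Weak settings this layout replaces:
#   PasswordAuthentication yes
#     (a guessed or reused password is enough to get in)
#   AllowTcpForwarding yes, with no PermitOpen
#     (any authenticated user can tunnel to any internal host and port)

# Key-based login only.
PubkeyAuthentication yes
PasswordAuthentication no
# Named ChallengeResponseAuthentication on older OpenSSH releases.
KbdInteractiveAuthentication no
PermitRootLogin no

# Global default: nobody forwards anything.
AllowTcpForwarding no
AllowAgentForwarding no
X11Forwarding no

# Members of the (hypothetical) group tn5250users get exactly one
# local forward, to the AS/400's telnet port, and no shell or terminal.
Match Group tn5250users
    AllowTcpForwarding local
    PermitOpen as400.internal.example:23
    PermitTTY no
    ForceCommand /usr/sbin/nologin

# Client side, run on the user's workstation:
#   ssh -N -L 2323:as400.internal.example:23 user@firewall.example
# The emulator then connects to localhost port 2323, so the 5250
# session crosses the Internet only inside the SSH tunnel.
```

With this in place the AS/400 itself accepts connections only from the firewall host, which is enforced on the AS/400 or the internal network rather than in this file.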
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].