

  • Subject: Re: No single case of hacking...
  • From: Douglas Handy <dhandy1@xxxxxxxxxxxxx>
  • Date: Thu, 07 Jun 2001 11:13:14 -0400

Leif,

Joe said:
>> On the other hand, if I were to give you the appropriate passwords, etc.,
>> you could also access my machine through 5250 

Leif said:
>===> assume that I knew the passwords, I still cannot telnet to your box,
>so what do you mean by "you could also access my machine" ?

I think one of the operative parts of Joe's message was "etc".  He also did not
say Telnet, he said 5250, which may mean Telnet or it may mean something like CA
or CAE.  He did say Telnet wasn't "open" but he didn't say it wasn't running.

For example, I have a client with Telnet running.  But port 23 is blocked.  I
use port mapping to translate a specific high-number port to 23 as it passes
through the firewall.  But that port doesn't respond to pings either.  And it
only passes the Telnet traffic through if the origination IP is in a very
limited set of IP addresses (e.g. the MIS manager's home static IP, my IP, etc.).
Anything else gets dropped silently by the firewall, after logging it of course.

Since we had a few spare IPs in their static IP block, the Telnet traffic also
is restricted to coming in via a different IP address than the other traffic.
This IP address does not have a DNS entry, but it does have extra logging. :)

Then if you do get to the Telnet server, an exit program performs more
validations (user vs IP origination, etc.) and would reject most signons, even
with a valid userid and password.

I can access the machine just fine using Telnet.  I can even access it from my
Palm if I need to.  But I wouldn't say that Telnet is "open", and you'd
(hopefully) have a hard time spoofing the IPs and port numbers to gain access.

Yet if I gave you the "appropriate passwords, etc" you could also access the
machine.  Like Joe, I just don't make that information public. <g>

Doug

+---
| This is the MI Programmers Mailing List!
| To submit a new message, send your mail to MI400@midrange.com.
| To subscribe to this list send email to MI400-SUB@midrange.com.
| To unsubscribe from this list send email to MI400-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: dr2@cssas400.com
+---
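
The layered checks described in the message above, modelled as an added example (not code from the original post or from the list). All addresses, the port number and the user names are constructed placeholders, and the user-to-origin table is an assumption about what such an exit program would check.

```python
import ipaddress
import logging

log = logging.getLogger("telnet-gate")

# Constructed sample policy: addresses are RFC 5737 documentation ranges,
# the mapped port and the user names are hypothetical.
TELNET_PUBLIC_IP = ipaddress.ip_address("203.0.113.10")  # dedicated IP, no DNS entry
MAPPED_PORT = 48023                                      # high port translated to 23
ALLOWED_SOURCES = {
    ipaddress.ip_address("198.51.100.7"),    # stands in for a manager's home static IP
    ipaddress.ip_address("198.51.100.42"),   # stands in for a consultant's IP
}
# Exit-program table (assumed shape): which user is expected from which origin.
USER_ORIGINS = {
    "MISMGR": {ipaddress.ip_address("198.51.100.7")},
    "DOUG": {ipaddress.ip_address("198.51.100.42")},
}

def firewall(src, dst, dport):
    """Layer 1: return the internal port (23) if forwarded, else None.

    Anything that fails is dropped without a reply, but logged first."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst == TELNET_PUBLIC_IP and dport == MAPPED_PORT and src in ALLOWED_SOURCES:
        return 23
    log.warning("DROP src=%s dst=%s dport=%s", src, dst, dport)
    return None

def exit_program(user, src):
    """Layer 2: refuse the signon unless this user is expected from this origin,
    regardless of whether the password would have been valid."""
    ok = ipaddress.ip_address(src) in USER_ORIGINS.get(user.upper(), set())
    if not ok:
        log.warning("REJECT user=%s src=%s", user, src)
    return ok

def attempt(src, dst, dport, user):
    """Run one connection attempt through both layers: 'drop', 'reject' or 'allow'."""
    if firewall(src, dst, dport) is None:
        return "drop"
    return "allow" if exit_program(user, src) else "reject"
```
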


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
