Good News Everybody!
The new search engine is LIVE!
Please report any problems to david (at) midrange.com.
|
Frank, You definitely need to roll your own exit program(s), or look at PowerLock NetworkSecurity or other similar product(s). -----Original Message----- From: midrange-l-admin@midrange.com [mailto:midrange-l-admin@midrange.com]On Behalf Of Frank W. Kany IV Sent: Wednesday, May 22, 2002 10:40 AM To: midrange-l@midrange.com Subject: Re: FTP commands over a VPN to an AS/400 Below is an example of how I deleted an object from a library from which I am not supposed to have authority to. We are concerned that a remote client who is connected to our AS/400 might try to tamper with our system or start snooping around simple by opening up an MS-DOS prompt on their PC. Below is an example of how I was able to delete an object using FTP from MS-DOS prompt on my PC. Is there a way to stop users from accessing the AS/400 using FTP from MS-DOS prompt. (MS-DOS Prompt) C:\ftp 999.999.999.99 Connected to 999.999.999.99 220-QTCP at 999.999.999.99 220 Connection will close if idle more than 5 minutes. User (999.999.999.99:(none)) : frank 331 Enter password. Password: 230 FRANK logged on. ftp> dir franktest 200 PORT subcommand request successful. 125 List started. FRANK 315392 05/21/02 15:43:53 *FILE FRANKTEST/BHFILES FRANK *MEM FREANKTEST/BHFILES.BHFILES 250 List completed ftp: 299 bytes received in 0.00Seconds 299000.00Kbytes/sec. ftp> delete franktest/bhfiles 250 File BHFILES in library FRANKTEST deleted. ftp> quit 221 QUIT subcommand received ----- Original Message ----- From: "Frank W. Kany IV" <frank.kany@burr-reid.org> To: <midrange-l@midrange.com> Sent: Wednesday, May 22, 2002 8:33 AM Subject: FTP commands over a VPN to an AS/400 - (spelling corrections) > This is a multi-part message in MIME format. > -- > [ Picked text/plain from multipart/alternative ] > A client of ours insists on encrypting a file and sending it via FTP instead of emailing it. We have never let a customer FTP into our AS/400 before. > > For test purposes, I played around with running FTP commands from my home via a VPN to the AS/400 at work to test out how our client would get into our system. I was surprised to find out that when I added or deleted a file from the system, there was no record or log of my activities when I was signed on via FTP. > > Our company has to setup the VPN software on the client's PC to enable them to FTP to our AS/400. > > Is there a way to keep track or log any kind of FTP commands or anything done to the system while a customer is signed on via FTP? Or, is there a way to limit what a user can do while signed on via FTP? > > TIA, > > Frank > -- > > > _______________________________________________ > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list > To post a message email: MIDRANGE-L@midrange.com > To subscribe, unsubscribe, or change list options, > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l > or email: MIDRANGE-L-request@midrange.com > Before posting, please take a moment to review the archives > at http://archive.midrange.com/midrange-l. > _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
