How did you know that you were not supposed to have access to that object?
If you do a
DSPOBJAUT OBJ(FRANKTEST/BHFILES) OBJTYPE(*FILE)
do you have access to it?  If so, what kind?  Don't assume that just
because the user FRANK has LMTCPB(*YES) that it should stop you.  That
only applies to 5250.

If your canned software is too limited to use real object authority, (by
real object authority I mean that FRANK would not have access to that
file, even if he had LMTCPB(*NO), unless he was running a program which
adopted authority), then you need to look at locking down your exit
points.  To do this you can patch it together by evaluating each of the
over 100 exit points at WRKREGINF, or you can purchase a package.  For a
list of packages you can check:
http://faq.midrange.com/data/cache/198.html

For a simple exit point program for ftp you can check:
http://publib-b.boulder.ibm.com/Redbooks.nsf/9445fa5b416f6e32852569ae006bb65f/71a9aafc8b1ed4c38525659d002a5781?OpenDocument

Rob Berendt
--
"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
Benjamin Franklin




"Frank W. Kany IV" <frank.kany@burr-reid.org>
Sent by: midrange-l-admin@midrange.com
05/22/2002 12:39 PM
Please respond to midrange-l


        To:     <midrange-l@midrange.com>
        cc:
        Fax to:
        Subject:        Re: FTP commands over a VPN to an AS/400


Below is an example of how I deleted an object from a library that I am
not supposed to have authority to.  We are concerned that a remote client
who is connected to our AS/400 might try to tamper with our system or start
snooping around simply by opening up an MS-DOS prompt on their PC.  Below is
an example of how I was able to delete an object using FTP from an MS-DOS
prompt on my PC.

Is there a way to stop users from accessing the AS/400 using FTP from an
MS-DOS prompt?

(MS-DOS Prompt)
C:\ftp 999.999.999.99
Connected to 999.999.999.99
220-QTCP at 999.999.999.99
220 Connection will close if idle more than 5 minutes.
User (999.999.999.99:(none)) : frank
331 Enter password.
Password:
230 FRANK logged on.
ftp> dir franktest
200 PORT subcommand request successful.
125 List started.
FRANK              315392 05/21/02 15:43:53 *FILE    FRANKTEST/BHFILES
FRANK                                    *MEM     FREANKTEST/BHFILES.BHFILES
250 List completed
ftp: 299 bytes received in 0.00Seconds 299000.00Kbytes/sec.
ftp> delete franktest/bhfiles
250 File BHFILES in library FRANKTEST deleted.
ftp> quit
221 QUIT subcommand received


----- Original Message -----
From: "Frank W. Kany IV" <frank.kany@burr-reid.org>
To: <midrange-l@midrange.com>
Sent: Wednesday, May 22, 2002 8:33 AM
Subject: FTP commands over a VPN to an AS/400 - (spelling corrections)


> A client of ours insists on encrypting a file and sending it via FTP
> instead of emailing it.  We have never let a customer FTP into our AS/400
> before.
>
> For test purposes, I played around with running FTP commands from my home
> via a VPN to the AS/400 at work to test out how our client would get into
> our system.  I was surprised to find out that when I added or deleted a
> file from the system, there was no record or log of my activities when I
> was signed on via FTP.
>
> Our company has to set up the VPN software on the client's PC to enable
> them to FTP to our AS/400.
>
> Is there a way to keep track or log any kind of FTP commands or anything
> done to the system while a customer is signed on via FTP?  Or, is there a
> way to limit what a user can do while signed on via FTP?
>
> TIA,
>
> Frank
> --
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
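
Added example, not part of the original messages or of the linked Redbook: a CL exit program for the FTP server request validation exit point (QIBM_QTMF_SERVER_REQ, format VLRQ0100) that lets a session start, change directory, list and upload, rejects every other request (including the delete shown in the session above) and reports each rejection to the system operator. The program name FTPREQ and the allow-list are assumptions; the operation identifiers are taken from IBM's VLRQ0100 parameter format and should be confirmed against the documentation for your release.

```cl
/* FTPREQ - added example: exit program for QIBM_QTMF_SERVER_REQ,    */
/* format VLRQ0100. Program name and allow-list are assumptions.     */
PGM PARM(&APPID &OPID &USRPRF &RMTIP &RMTIPLEN +
         &OPINFO &OPINFOLEN &ALLOW)
  DCL VAR(&APPID)     TYPE(*CHAR) LEN(4)   /* Binary(4), input       */
  DCL VAR(&OPID)      TYPE(*CHAR) LEN(4)   /* Binary(4), input       */
  DCL VAR(&USRPRF)    TYPE(*CHAR) LEN(10)
  DCL VAR(&RMTIP)     TYPE(*CHAR) LEN(15)  /* valid up to &RMTIPLEN  */
  DCL VAR(&RMTIPLEN)  TYPE(*CHAR) LEN(4)   /* Binary(4), input       */
  DCL VAR(&OPINFO)    TYPE(*CHAR) LEN(256) /* valid up to &OPINFOLEN */
  DCL VAR(&OPINFOLEN) TYPE(*CHAR) LEN(4)   /* Binary(4), input       */
  DCL VAR(&ALLOW)     TYPE(*CHAR) LEN(4)   /* Binary(4), output      */
  DCL VAR(&OP)        TYPE(*DEC)  LEN(10 0)
  DCL VAR(&LEN)       TYPE(*DEC)  LEN(10 0)
  DCL VAR(&OPTXT)     TYPE(*CHAR) LEN(11)
  DCL VAR(&IP)        TYPE(*CHAR) LEN(15)
  DCL VAR(&DETAIL)    TYPE(*CHAR) LEN(100)
  DCL VAR(&MSG)       TYPE(*CHAR) LEN(200)
  /* Any CPF error leaves the default (reject) in place: fail closed */
  MONMSG MSGID(CPF0000) EXEC(GOTO CMDLBL(DONE))

  CHGVAR VAR(%BIN(&ALLOW)) VALUE(0)        /* 0 = reject operation   */
  CHGVAR VAR(&OP) VALUE(%BIN(&OPID))

  /* Allowed: 0 session init, 3 set current directory,               */
  /*          4 list file names, 7 receive a file (client upload)    */
  IF COND(&OP *EQ 0 *OR &OP *EQ 3 *OR &OP *EQ 4 *OR &OP *EQ 7) +
       THEN(DO)
    CHGVAR VAR(%BIN(&ALLOW)) VALUE(1)      /* 1 = allow operation    */
    GOTO CMDLBL(DONE)
  ENDDO

  /* Create, delete, send, rename and CL command requests stay       */
  /* rejected. Log who asked for what; copy the variable-length      */
  /* fields only up to the lengths the server passed in.             */
  CHGVAR VAR(&OPTXT) VALUE(&OP)
  CHGVAR VAR(&LEN) VALUE(%BIN(&RMTIPLEN))
  IF COND(&LEN *GT 15) THEN(CHGVAR VAR(&LEN) VALUE(15))
  IF COND(&LEN *GT 0) THEN(CHGVAR VAR(&IP) +
       VALUE(%SST(&RMTIP 1 &LEN)))
  CHGVAR VAR(&LEN) VALUE(%BIN(&OPINFOLEN))
  IF COND(&LEN *GT 100) THEN(CHGVAR VAR(&LEN) VALUE(100))
  IF COND(&LEN *GT 0) THEN(CHGVAR VAR(&DETAIL) +
       VALUE(%SST(&OPINFO 1 &LEN)))
  CHGVAR VAR(&MSG) VALUE('FTP exit rejected op' *BCAT &OPTXT *BCAT +
       'user' *BCAT &USRPRF *BCAT 'from' *BCAT &IP *BCAT &DETAIL)
  SNDMSG MSG(&MSG) TOUSR(*SYSOPR)
DONE: ENDPGM
```

Register the compiled program against the exit point with ADDEXITPGM (or through WRKREGINF) and restart the FTP server so it picks up the change. The exit program only narrows what FTP will attempt; object authority on FRANKTEST/BHFILES still decides what the profile can touch through other interfaces.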
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].