|
James, I'd agree with the assesment that Chris made. It is my understanding that there is an APAR on this MA26080 and that fixes are being made to V4R5, V5R1, and V5R2 on this matter. Michael Crump Saint-Gobain Containers 1509 S. Macedonia Ave. Muncie, IN 47302 (765)741-7696 (765)741-7012 f (800)428-8642 mailto:mike.crump@saint-gobain.com James Rich <james@eaerich.co To: midrange-l <midrange-l@midrange.com> m> cc: bcc: 09/12/02 12:56 PM Subject: OS/400 IP spoofing vulnerability Please respond to midrange-l I just read an interesting paper on IP spoofing. Several systems were tested for their TCP/IP sequence number generators and randomness. It was discovered that insufficiently random TCP/IP sequence numbers result in easy IP spoofing and other attacks (see CERT Advisory CA-2001-09 for more). OS/400 was included in the study and found to be very lacking. Can someone comment on what this means in terms of securing a site? Paper is here: http://lcamtuf.coredump.cx/newtcp/ OS/400 results are here: http://lcamtuf.coredump.cx/newtcp/#os400 James Rich _______________________________________________ This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@midrange.com To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l or email: MIDRANGE-L-request@midrange.com Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
