>...A sniffer program MUST be run on your connection...

Many times on this list people have asked how to connect via dsl or cable modem. I recognize that the cable modem I'm on puts me in a neighborhood or city network (which is why I run a firewall, and use vpn to get to remote 400s). Everyone on my lan segment can sniff. We now have remote offices on dsl, but we budget for all the security included, not just the $79 a month line.

As for sniffing at your ISP, it really is every hop you make in the internet. Analyze your risk and take the appropriate steps for your business. Security and Disaster Avoidance/Recovery are very much alike. Just don't hide and assume no one can find you.

jim franz

just for fun - this is an automated script attack against port 80 http server. Took 6 seconds) I get 10-20 a day from different ip's. All automated. The 400 (great box that it is) dumps it in the error log and keeps going. Some automated script will find if port 23 or any other port is listening and what it is listening for. In some cases the script just wants your unpatched IIS server to roll over and die with a buffer overrun (kind of like knowing the parameters to call your Order Entry to get an unhandled array index error). All they have to do is execute the script for a range of addresses and let it chug away.

Now - does this keep me from running the 400 webserver? Absolutely not, in fact I think it's all the more reason to run it here. Our web traffic is critical to the business!

<script>
/scripts/root.exe
/MSADC/root.exe
/c/winnt/system32/cmd.exe
/d/winnt/system32/cmd.exe
/scripts/..%5c../winnt/system32/cmd.exe
/_vti_bin/..%5c../..%5c../..%5c../winnt/s
/_mem_bin/..%5c../..%5c../..%5c../winnt/s
/msadc/..%5c../..%5c../..%5c/..Á../..Á.
/scripts/..Á../winnt/system32/cmd.exe
/scripts/winnt/system32/cmd.exe
/scripts/..À¯../winnt/system32/cmd.exe
/scripts/..Á../winnt/system32/cmd.exe
/scripts/..S5c../winnt/system32/cmd.exe
/scripts/..S5c../winnt/system32/cmd.exe
/scripts/..%5c../winnt/system32/cmd.exe
/scripts/..%2f../winnt/system32/cmd.exe

----- Original Message -----
From: "Mark A. Manske" <mmanske@minter-weisman.com>
To: <midrange-l@midrange.com>
Sent: Wednesday, December 04, 2002 10:33 AM
Subject: RE: Remote Access (Again)

> One point of note about sniffing software -
> "unless" things have changed in the last two
> or three years (which they could have)
>
> A sniffer program MUST be run on your connection,
> which means that you have a hacker working in-house,
> or there is a hacker working at your ISP -
> not to say that it could not be happening,
> but last time I discussed with security people,
> a sniffer just hanging on the internet can only
> sniff traffic there - (but be "warned" that means
> if your people working on your AS/400 do not have
> virus protection, a virus could be placed on their PC
> which would allow the sniffing to occur - this is even
> a danger if you only allow dial-up access)
>
> All communications run the risk of being hacked -
> go as secure as you can (SSL and run 128 byte encryption -
> the lower ones (40/56) are crackable in a reasonable amount of time)
>
> -----Original Message-----
> From: midrange-l-admin@midrange.com
> [mailto:midrange-l-admin@midrange.com]On Behalf Of Justin Haase
> Sent: Wednesday, December 04, 2002 8:59 AM
> To: 'midrange-l@midrange.com'
> Subject: RE: Remote Access (Again)
>
> Thank you. Well put.
>
> jch
>
> -----Original Message-----
> From: Adam Lang [mailto:aalang@rutgersinsurance.com]
> Sent: Wednesday, December 04, 2002 8:57 AM
> To: midrange-l@midrange.com
> Subject: Re: Remote Access (Again)
>
> To sum up everything Scott said:
>
> The problem with Telnetting across the internet is that login information is
> clear text.
>
> So, anyone sniffing packets can grab your as/400 username and password, as
> well as other info going across.
>
> Also, they will know the destination port and ip address.
>
> Which means they can now connect to your as/400 with a valid account.
>
> Think of Telnetting over the internet like sending cash in the mail. All it
> takes is someone between you and the letter's address to hold the envelope
> up to the light, see money in it, open it up and take it.
>
> Not to mention it allows brute force attacks on your system too.
>
> As far as:
> > > I've worked with two iSeries machines that were on the
> > > internet for over 5 years with zero troubles.
> >
> > This is like saying "I went five years without any health insurance or
> > other coverage, and I never got sick!" Or "I drove my motorcycle without
> > a helmet for 5 years, and I never got hurt!"
> >
> > You were lucky. That doesn't mean it should be recommended.
>
> This is relatively accurate also, except even further saying you were never
> sick, when in reality you have terminal cancer. If someone has effectively
> compromised your system and they are pros, you WON'T know you have had a
> problem.
>
> How would you know if a malicious person logged into your system, and
> printed out information that was on your system?
>
> Not all crackers destroy things.
>
> It's not about if the AS/400 can handle being connected to the Internet. It
> can. But NOTHING should allow telnet access to it over the internet.
>
> Adam Lang
> Systems Engineer
> Rutgers Casualty Insurance Company
> http://www.rutgersinsurance.com
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
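
The probe listing in the message above, turned into a detection check, as an added example that is not part of the original post: it normalizes each requested path (repeated percent-decoding, overlong UTF-8 bytes, backslashes) and reports clients that send a burst of such requests. The log format, the function names, the timestamps and the IP addresses are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_to_bytes

# Constructed sample log (assumed format: timestamp, client IP, request path).
# Paths follow the post's listing; %c0%af is the raw form of an overlong '/'.
SAMPLE_LOG = """\
2002-12-04T10:00:00 192.0.2.10 /index.html
2002-12-04T10:41:01 198.51.100.7 /scripts/root.exe
2002-12-04T10:41:03 198.51.100.7 /scripts/..%5c../winnt/system32/cmd.exe
2002-12-04T10:41:05 198.51.100.7 /scripts/..%c0%af../winnt/system32/cmd.exe
2002-12-04T10:41:07 198.51.100.7 /scripts/..%2f../winnt/system32/cmd.exe
2002-12-04T11:15:00 192.0.2.10 /orders/status.html
"""

PROBE_FILE = re.compile(r"/(cmd|root)\.exe$")

def classify(path):
    """Return the set of reasons a request path looks like one of these probes."""
    data = path.encode("latin-1", "replace")  # also accepts already-decoded log text
    for _ in range(3):  # bounded re-decoding catches double-encoded input
        decoded = unquote_to_bytes(data)
        if decoded == data:
            break
        data = decoded
    reasons = set()
    if b"\xc0" in data or b"\xc1" in data:  # bytes that are never valid in UTF-8
        reasons.add("overlong-utf8")
        data = re.sub(rb"[\xc0\xc1].", b"/", data)  # treat the pair as a separator
    norm = data.replace(b"\\", b"/").decode("latin-1").lower()
    if ".." in norm.split("/"):
        reasons.add("traversal")
    if PROBE_FILE.search(norm):
        reasons.add("windows-shell-probe")
    return reasons

def scan_bursts(log_text, min_hits=3, window_seconds=60):
    """Map client IP -> (probe count, seconds spanned) for bursts inside the window."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        stamp, ip, path = line.split(" ", 2)
        if classify(path):
            hits[ip].append(datetime.fromisoformat(stamp))
    spans = {ip: (len(t), (max(t) - min(t)).total_seconds()) for ip, t in hits.items()}
    return {ip: v for ip, v in spans.items() if v[0] >= min_hits and v[1] <= window_seconds}

if __name__ == "__main__":
    print(scan_bursts(SAMPLE_LOG))
```

The thresholds are starting points; a server that never hosts `.exe` paths can alert on a single hit instead of a burst.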