


midrange-l-request@xxxxxxxxxxxx wrote:

  9. RE: Research Project- If you wanted to Hack an AS/400
     theoretically, what would you do? (NFM) (rob@xxxxxxxxx)

There are some manuals to start with.

"Tips and tools for securing your iSeries"
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/books/c4153006.pdf

Rob's first manual is probably the best place to start. By describing particular items to pay attention to while securing the system, the common avenues of attack are also implicitly listed. I was very irritated when IBM started putting manuals such as this on the web because of that. But it's out there now, so might as well know it thoroughly.


After this manual, a lot of decent TCP/IP-related attack info is also potentially applicable since TCP/IP and the common server applications -- e.g., telnet, FTP -- are standard. Further, because AS/400s often participate in Windows Network Neighborhood, some Windows network avenues are possible.

Al mentioned QSECOFR/QSECOFR which is embarrassingly common. But especially on older systems, a profile such as QSRVBAS was often ignored entirely. That brings a new slant to the search by highlighting the importance of keeping current with OS/400.

Because of the range of services possible under OS/400, the range of attack avenues is pretty big. Start at the beginning; you've got a ways to go.

Tom Liotta

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone  253-872-7788 x313
Fax    253-872-7904
http://www.powertech.com




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
