× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2005

RE: IBM's benevolent hacking

A "level of service" of a particular TCP/IP service is determined by a 
standards body.  Thus if there is a higher one than is currently supported 
by OS/400 then it is my belief that someone out there is actually using 
it.

Now, IBM does have a PTF that is supposed "to fix some vulnerability 
problems" with the service in question.  Would it raise the level of 
service to that currently offered on other platforms?  No.  Is this good 
enough, meaning, does it lock down the holes?  That I am still trying to 
determine.  Did I have this PTF on before their last foray?  Yes.  What 
ptf was it?  Sorry, but that points out what service we're talking about.

Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





"Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
01/27/2005 02:11 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
"'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
cc

Subject
RE: IBM's benevolent hacking






Let me get this straight.  You contracted with IBM for a security
assessment, and they gave you a document in which there was at least one
issue that was a TCP/IP security problem.

This is where I get confused.  I don't know what a "TCP/IP level of
service" is, but from your post, it seems there is a fix that involves
some sort of patch to TCP/IP that is not available and will never be
made available on OS/400.

In summary, IBM has informed you of a security risk in the OS/400
implementation of TCP/IP that IBM has said will not be fixed.  Is that
correct?  If so, I'm sure I can find someone who has an opinion on that
matter.

A couple of other questions may help.  Is this problem fixed in pSeries
or xSeries boxes?  Is it fixed by other OS vendors?  Is this problem
something inherent in the RFC793 specification?  Has there been some
additional RFC written that addresses this deficiency?

Joe

> From: rob@xxxxxxxxx
> 
> Some are OS/400 TCP/IP specific.  I've opened PMR's and was told the
newer
> level of service is not offered under OS/400.  There was no plan on
going
> to that level of service.  So I don't know if I should throw chairs,
open
> DCR's or both.

-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.