× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Sorry about that, but I've probably already discussed this more than my 
boss wants.

Gotta go IPL www.dekko.com.  All sorts of stuff locked up on that i5.

Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





"Steve Landess" <sjl_abc@xxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
01/27/2005 02:49 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
"Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
cc

Subject
Re: IBM's benevolent hacking






Rob-

You almost sound like an IBM salesman:

"We know that there is a vulnerability in the OS for which there exists a 
current PTF, but you'll have to buy our service and spend thousands of 
dollars before we'll tell you what it is..."

Steve

----- Original Message ----- 
From: <rob@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, January 27, 2005 1:34 PM
Subject: RE: IBM's benevolent hacking


>A "level of service" of a particular TCP/IP service is determined by a
> standards body.  Thus if there is a higher one than is currently 
supported
> by OS/400 then it is my belief that someone out there is actually using
> it.
>
> Now, IBM does have a PTF that is supposed "to fix some vulnerability
> problems" with the service in question.  Would it raise the level of
> service to that currently offered on other platforms?  No.  Is this good
> enough, meaning, does it lock down the holes?  That I am still trying to
> determine.  Did I have this PTF on before their last foray?  Yes.  What
> ptf was it?  Sorry, but that points out what service we're talking 
about.
>
> Rob Berendt
> -- 
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
>
>
>
> "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 01/27/2005 02:11 PM
> Please respond to
> Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
>
>
> To
> "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
> cc
>
> Subject
> RE: IBM's benevolent hacking
>
>
>
>
>
>
> Let me get this straight.  You contracted with IBM for a security
> assessment, and they gave you a document in which there was at least one
> issue that was a TCP/IP security problem.
>
> This is where I get confused.  I don't know what a "TCP/IP level of
> service" is, but from your post, it seems there is a fix that involves
> some sort of patch to TCP/IP that is not available and will never be
> made available on OS/400.
>
> In summary, IBM has informed you of a security risk in the OS/400
> implementation of TCP/IP that IBM has said will not be fixed.  Is that
> correct?  If so, I'm sure I can find someone who has an opinion on that
> matter.
>
> A couple of other questions may help.  Is this problem fixed in pSeries
> or xSeries boxes?  Is it fixed by other OS vendors?  Is this problem
> something inherent in the RFC793 specification?  Has there been some
> additional RFC written that addresses this deficiency?
>
> Joe
>
>> From: rob@xxxxxxxxx
>>
>> Some are OS/400 TCP/IP specific.  I've opened PMR's and was told the
> newer
>> level of service is not offered under OS/400.  There was no plan on
> going
>> to that level of service.  So I don't know if I should throw chairs,
> open
>> DCR's or both.
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
> 
-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.