× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. May 2009

RE: Is someone trying to hack my system?

Use SSL for your Telnet. Then the CMM Trace will not even show the
password. Try it and post the results.



Chris Bipes
Director of Information Services
CrossCheck, Inc.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Thursday, May 21, 2009 5:56 AM
To: Midrange Systems Technical Discussion
Subject: RE: Is someone trying to hack my system?

Just in general, the hackers don't normally care what anyone makes. So
even if you do nothing but stamp out common washers, only run ERP and
all
accounting and payroll software is done on a different box (so no
financial, bank account information, SSN's, etc) doesn't matter. All
they
care is can they use you to store ftp data on and retrieve it also, and
can they relay SMTP off of you (and perhaps some other stuff).

Sounds like Bob has some of this addressed. He has some work to do.

To not send passwords in the clear when you use telnet you should either

use VPN or SSH.
http://preview.tinyurl.com/ssh5250
or
http://publib.boulder.ibm.com/infocenter/iseries/v6r1m0/topic/rzamv/rzam
vsecureshell.htm?resultof=%22%74%65%6c%6e%65%74%22%20%22%73%73%68%22%20
Alas, we do send them in the clear internally but require VPN
externally.
FTP we mostly send in the clear, but we only use FTP via the internet
for
stuff like our personnel's retirement information, customer orders and
trivial data like that. :-( I do have this project on my list from our

#1 customer dealing with securing our FTP. Oh well, one of these
days...
Boss wants his Blackberry to do Sametime first, and ..., and ..., and
...

Just ran a STRCMNTRC and logged on via a 5250 screen. Tried to scan for

my password but it wrapped. Found it though, way off in the right in
the
human readable information:
.0....+....1....+....2....+....3
*.....| ."..........N...........
*&...F...............1...ROB...P
*ASSWORD..

Changed it here before posting. But basically, anything you can see
with
STRCMNTRC any basic sniffer program can see. Like your neighbor at the
local wireless cafe as you telnet in and sip your espresso. But if you
wrap that with SSH then it pretty much requires a CRAY or Blue Gene to
figure it out.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.