Would this qualify as a potential for a DOS attack?
IBM i 7.2, recent PTF's
CRTUSRPRF USRPRF(DUMMY) USRCLS(*USER) SPCAUT(*NONE)
Sign on as DUMMY
STRSQL (or any number of publicly available sql tools, most of which do
not require 5250 command line access)
select *
from qsys2.system_value_info
where system_value_name like 'QMAXS%'
If QMAXSGNACN>1
record the value for QMAXSIGN
SELECT OBJNAME
FROM TABLE (QSYS2.OBJECT_STATISTICS('QUSRSYS','MSGQ') ) AS X
Then for each object name returned attempt to sign on (QMAXSIGN + 1)
times. Apparently invalid FTP sessions will work just fine.
Would this end up disabling a plethora of user profiles on your system?
Sure, you may have user profiles secured, but not their message queues.
Otherwise it makes it really tough to receive messages. :-)
This is why we do not disable user profiles upon invalid sign on attempts.
This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
