× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. February 2020

Re: IFS share /QIBM and /QIBM/ProdData/OS400/DirSrv

Hello Roberto,

Am 27.02.2020 um 11:32 schrieb Roberto De Pedrini <roberto.faq400@xxxxxxxxx>:

A lot of problems, Java doesn't start, HTTPGETCLOB functions stop working
and other nice things ... 2 days of hell for IT department.

Sounds like complete IFS restore from backup is next.

This is a very good chance to (after everything's running again) review security measures and recovery action plans. Unfortunately, many shops/companies aren't prepared to deal with such a successful attack.

Checking on the IBM i we found some default directories share, like /QIBM,
/QIBM/ProdData/OS400/DirSrv

I look at my other IBM i systems and everyone has the same default shared
directories ...

1) Why this default?

Maybe because IBM suggests client access install directly from there. If this is still a thing today with everything browser-based. Maybe more but that's just guesswork. That these directories can be accessed read/write is probably not a good default.

2) Can I stop these shares?

I guess through the same means as you create new shares. If you don't need any CIFS access to IFS, you can also stop the CIFS server. More details on request.

3) There's some kind on antivirus solution for IBM i?

How's that supposed to help? Shares are just like local disks to any client. The clients must prevent evil programs to access stuff. How's any file server supposed to know if accessing (reading from/writing to) a share is legit or not?

:wq! PoC

PGP-Key: DDD3 4ABF 6413 38DE - https://www.pocnet.net/poc-key.asc



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.