×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Hello Rob,
Am 04.06.2020 um 13:23 schrieb Rob Berendt <rob@xxxxxxxxx>:
Turns out that the Cisco Firepower Intrusion Prevention System (IPS) was killing your FTP downloads, because the file contained a script that IPS did not like.
I've been involved with FirePower a few years ago. My personal experience is: It's really buggy, it's generating a lot of false positives and thus provides a false sense of security. If you drown in false positives, real alerts can easily be missed. This upfront to explain my response.
Ask your networking guys, what exactly the error message from FirePower was. "Don't like" is not helpful for finding a root cause, especially together with IBM.
Binary Mode is mandatory for PTFs. They are binary files.
Encryption might help but must not: FirePower can be configured to decrypt the TLS session traffic (and re-encrypt it with a temporary certificate).
So, might there be a bad PTF in there which may corrupt the system?
I question that Cisco has a that much deep insight into IBM i PTF package structures. My bet is, it is, like often, a false positive.
Whitelisting would be putting the systems at risk.
Typical cover-my-ass reaction, instead of being helpful. :-( There are numerous possibilities to whitelist things within FirePower. By Protocol, by src/dst IP, even by content. Make your network guys do their homework: IBM i doesn't need the same protection level as Windows machines need.
:wq! PoC
PGP-Key: DDD3 4ABF 6413 38DE -
https://www.pocnet.net/poc-key.asc
midrange.com
