× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2021

Re: Enable Disabled Users and Devices

This is a fun way around this.
It can be stopped but is fun to try.

From any logon do a <sys-req> 3.
Option 13 library list. Pick QUSRSYS option 5 and page down till you get to *MSGQ.

You used to be able to do on QSYS and find the *USRPRF, but I recall this was blocked by a PTF or version.

Bryan


On Nov 2, 2021, at 9:59 AM, Rob Berendt <rob@xxxxxxxxx> wrote:

I think it's great to disable user profiles upon bad signon's.
Users can't generate a list of users? True. But they can generate a list of user message queues. They have to be able to. If they don't have access to the message queues then they can't send them a message.
So you generate a list of message queues like this
WRKOBJ OBJ(QUSRSYS/*ALL) OBJTYPE(*MSGQ)
Oh? You secured them from the command line? Simple to work around. They can download any number of tools to do this:

select objname
from table(OBJECT_STATISTICS('QUSRSYS', '*MSGQ')) x;

Then you just try signing on each one of those until they are disabled.
Soon, you've disabled every user on the system.
Great denial of service attack.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.