On Nov 2, 2021, at 9:59 AM, Rob Berendt <rob@xxxxxxxxx> wrote:
I think it's great to disable user profiles upon bad signons.
Users can't generate a list of users? True. But they can generate a list of user message queues. They have to be able to. If they don't have access to the message queues then they can't send them a message.
So you generate a list of message queues like this:
WRKOBJ OBJ(QUSRSYS/*ALL) OBJTYPE(*MSGQ)
Oh? You secured them from the command line? Simple to work around. They can download any number of tools to do this:
select objname
from table(OBJECT_STATISTICS('QUSRSYS', '*MSGQ')) x;
Then you just try signing on each one of those until they are disabled.
Soon, you've disabled every user on the system.
Great denial of service attack.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
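A defender's view of the pattern described in the message above, as an added example that is not part of the original post: a lockout sweep shows up as one source failing sign-on against many different profiles in a short time, unlike a single user mistyping a password. The event layout, addresses, profile names and thresholds are constructed assumptions, not the IBM i audit journal format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source address, profile, outcome).
# The layout is an assumption for this example, not the IBM i audit journal format.
def _ev(sec, src, user, ok=False):
    return (datetime(2021, 11, 2, 10, 0, 0) + timedelta(seconds=sec), src, user, ok)

SAMPLE_EVENTS = (
    # One user mistyping a password: many failures, one profile.
    [_ev(i * 5, "10.1.1.20", "JSMITH") for i in range(6)]
    # One source walking a list of names, few tries each: the lockout pattern.
    + [_ev(100 + i * 2, "10.1.1.77", f"USER{i // 3:02d}") for i in range(36)]
    + [_ev(400, "10.1.1.30", "MJONES", ok=True)]
)

def find_lockout_sweeps(events, window=timedelta(minutes=5), min_profiles=10):
    """Return {source: sorted profiles} for sources whose failed sign-ons
    touched at least `min_profiles` distinct profiles inside one window."""
    failures = defaultdict(list)
    for ts, src, user, ok in events:
        if not ok:
            failures[src].append((ts, user))

    flagged = {}
    for src, rows in failures.items():
        rows.sort()
        start = 0
        counts = defaultdict(int)          # profile -> failures inside the window
        for ts, user in rows:
            counts[user] += 1
            # Slide the window start forward, dropping expired failures.
            while ts - rows[start][0] > window:
                old = rows[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_profiles:
                flagged.setdefault(src, set()).update(counts)
    return {src: sorted(users) for src, users in flagged.items()}

if __name__ == "__main__":
    for src, users in find_lockout_sweeps(SAMPLE_EVENTS).items():
        print(f"{src}: failed sign-ons against {len(users)} profiles: {users}")
```

Alerting on the number of distinct profiles per source, rather than on failures per profile, lets the sweep be caught and the source blocked before every profile reaches the disable threshold.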