× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Here's more info on the error for ports 80 and 443

"THREAT:
The service/daemon listening on the port shown stopped responding to TCP
connection attempts during the scan"

Then there's a more general one:

"A PCI scan must be allowed to perform scanning without interference from
intrusion detection systems or intrusion prevention systems.
The PCI ASV is required to post fail if scan interference is detected."

Wouldn't that be a good thing? If we need to whitelist their IP they would
need to provide it, which I haven't seen.

So, what is this fix in SST and what does it do? I can't find any docs on
it.

On Wed, Jan 11, 2023 at 9:10 AM Jim Oberholtzer <midrangel@xxxxxxxxxxxxxxxxx>
wrote:

My take would be to cross reference IBM notices with their "Fix". I'll bet
it's a scam at this point unless they can point to a specific error.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Jan 11, 2023 at 9:06 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

I am working with a customer who is getting some errors on their PCI
scan.

They weren't getting any errors, then the company told them to turn on
this
TCPIP Vulnerability Fix in Service Tools. Once that was done they got
three errors. One for port 80, one for port 443, and then a general
error. All three errors had to do with a "possible scan interference".

The report shows 0 of 3 scans were completed. They can't explain what a
"scan" is... at least to the customer. I would assume it's a GET or POST
but the website still works fine and I can't find anything in the HTTP
logs
for their "scans". (I didn't expect to if zero scans were completed).

Has anyone heard of this "Fix" in SST, and what it does and what a "Scan"
from a PCI company is and why this would cause these errors?

I almost feel like they're getting scammed since they have to pay if
their
PCI scans aren't all clear. They claim it's for credit card security but
they don't actually do any credit card activity on their system as far
as I
know.. that's all 3rd party stuff.

Bradley V. Stone
www.bvstools.com
Native IBM i e-Mail solutions for Microsoft Office 365, Gmail, or any
Cloud
Provider!
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.