Re: TCPIP Vulnerability Fix in Service Tools

Since DST/SST and IBM i use different IP stacks to communicate with the
outside world, I really question if the scanner actually understands IBM
i. I would force them to disclose this "Fix".

Sounds like a bunch of hooey to me.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Jan 11, 2023 at 9:18 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

Here's more info on the error for ports 80 and 443

"THREAT:
The service/daemon listening on the port shown stopped responding to TCP
connection attempts during the scan"

Then there's a more general one:

"A PCI scan must be allowed to perform scanning without interference from
intrusion detection systems or intrusion prevention systems.
The PCI ASV is required to post fail if scan interference is detected."

Wouldn't that be a good thing? If we need to whitelist their IP they would
need to provide it, which I haven't seen.

So, what is this fix in SST and what does it do? I can't find any docs on
it.

On Wed, Jan 11, 2023 at 9:10 AM Jim Oberholtzer <
midrangel@xxxxxxxxxxxxxxxxx>
wrote:

My take would be to cross reference IBM notices with their "Fix". I'll

bet

it's a scam at this point unless they can point to a specific error.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Jan 11, 2023 at 9:06 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

I am working with a customer who is getting some errors on their PCI

scan.

They weren't getting any errors, then the company told them to turn on

this

TCPIP Vulnerability Fix in Service Tools. Once that was done they got
three errors. One for port 80, one for port 443, and then a general
error. All three errors had to do with a "possible scan interference".

The report shows 0 of 3 scans were completed. They can't explain what

a

"scan" is... at least to the customer. I would assume it's a GET or

POST

but the website still works fine and I can't find anything in the HTTP

logs

for their "scans". (I didn't expect to if zero scans were completed).

Has anyone heard of this "Fix" in SST, and what it does and what a

"Scan"

from a PCI company is and why this would cause these errors?

I almost feel like they're getting scammed since they have to pay if

their

PCI scans aren't all clear. They claim it's for credit card security

but

they don't actually do any credit card activity on their system as far

as I

know.. that's all 3rd party stuff.

Bradley V. Stone
www.bvstools.com
Native IBM i e-Mail solutions for Microsoft Office 365, Gmail, or any

Cloud

Provider!
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription

related

questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.