Re: TCPIP Vulnerability Fix in Service Tools

Might help if you knew exactly what was changed in SST. That would help
an IBM search for the keyword involved.

Rob Berendt
--
Business Systems Analyst, Lead
Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jim
Oberholtzer
Sent: Wednesday, January 11, 2023 10:25 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: TCPIP Vulnerability Fix in Service Tools

CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.


Since DST/SST and IBM i use different IP stacks to communicate with the
outside world, I really question if the scanner actually understands IBM
i. I would force them to disclose this "Fix".

Sounds like a bunch of hooey to me.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Jan 11, 2023 at 9:18 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

Here's more info on the error for ports 80 and 443

"THREAT:
The service/daemon listening on the port shown stopped responding to TCP
connection attempts during the scan"

Then there's a more general one:

"A PCI scan must be allowed to perform scanning without interference from
intrusion detection systems or intrusion prevention systems.
The PCI ASV is required to post fail if scan interference is detected."

Wouldn't that be a good thing? If we need to whitelist their IP they

would

need to provide it, which I haven't seen.

So, what is this fix in SST and what does it do? I can't find any docs

on

it.

On Wed, Jan 11, 2023 at 9:10 AM Jim Oberholtzer <
midrangel@xxxxxxxxxxxxxxxxx>
wrote:

My take would be to cross reference IBM notices with their "Fix". I'll

bet

it's a scam at this point unless they can point to a specific error.

--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


On Wed, Jan 11, 2023 at 9:06 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

I am working with a customer who is getting some errors on their PCI

scan.

They weren't getting any errors, then the company told them to turn

on

this

TCPIP Vulnerability Fix in Service Tools. Once that was done they

got

three errors. One for port 80, one for port 443, and then a general
error. All three errors had to do with a "possible scan

interference".

The report shows 0 of 3 scans were completed. They can't explain

what

a

"scan" is... at least to the customer. I would assume it's a GET or

POST

but the website still works fine and I can't find anything in the

HTTP

logs

for their "scans". (I didn't expect to if zero scans were

completed).

Has anyone heard of this "Fix" in SST, and what it does and what a

"Scan"

from a PCI company is and why this would cause these errors?

I almost feel like they're getting scammed since they have to pay if

their

PCI scans aren't all clear. They claim it's for credit card security

but

they don't actually do any credit card activity on their system as

far

as I

know.. that's all 3rd party stuff.

Bradley V. Stone
www.bvstools.com
Native IBM i e-Mail solutions for Microsoft Office 365, Gmail, or any

Cloud

Provider!
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)

mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription

related

questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription

related

questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.