


Well, he said he didn't start getting the errors until he turned this on.

He couldn't get any other info from the PCI company on how their scans
work, what they were, etc. I told him they're scamming him or are idiots.
He agreed. Just not sure what can be done because as you know a lot of
managers do get freaked out from PCI failures.

On Thu, Jan 12, 2023 at 2:46 PM Patrik Schindler <poc@xxxxxxxxxx> wrote:

Hello Brad,

On 12.01.2023 at 18:34, Brad Stone <bvstone@xxxxxxxxx> wrote:

Here is a link to the IBM document that they used:


https://www.ibm.com/support/pages/tcp-sequence-number-approximation-based-denial-service-cve-2004-0230

From the description I'd say: This is a very theoretical attack vector.
Did those guys actually read what's written on there?

Description: TCP, when using a large Window Size, makes it easier for
remote attackers to guess sequence numbers and cause a denial of service
(connection loss) to persistent TCP connections by repeatedly injecting a
TCP RST packet, especially in protocols that use long-lived connections,
such as BGP.

Some of these "security guys" sometimes have lost common sense. They focus
purely on "There's a security issue you didn't address!!!1111", generating
boss-panic, but fail a basic reality check: What's the impact and how
likely is it that this impact happens? Ask an insurance agent about that
topic! They know perfectly well about the concept! :-)

First: The worst thing that can happen is that an existing TCP connection
is forced to be reset. OMG! We're all going to die!!

The only long lived TCP (!) connections from or on an IBM i I can think of
are 5250 emulation sessions (telnet). I guess there are virtually no shops
exposing 5250 to the internet. Yes, pub400 is an exception. If those
sessions are routed through a VPN tunnel, there's no direct exposure of TCP
packets on the internet. I guess that's how most IBM i are accessed
nowadays from outside the local network.

:wq! PoC

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list