Re: z/OS, OS/390 Pen testing tips/ideas/papers?

From: miguel.dilaj@pharma.novartis.com
Date: Wed Jan 29 2003 - 03:20:49 EST


Hi Nick

This post is so simple that I expect the moderator of pen-test to drop it
;-)
I've no former experience with pen-testing mainframes, but I've a bit of
info I discovered while sniffing a network.
In this network there was an IBM AS/400 with OS/400 v4.2, accessed using
Client Access from NT machines.
The info you can sniff from the wire "looks" like garbage, but if you look
at it using EBCDIC (not ASCII) all communications were in clear text.
I did some research at this time, and it seems that there's a patch for
OS/400 v4.3 and above to implement SSL encryption.
Kind regards,

Miguel Dilaj

"Nick Jacobsen" <nick@ethicsdesign.com>
28/01/2003 13:24
Please respond to "Nick Jacobsen"

 
        To: <pen-test@securityfocus.com>
        cc:
        Subject: z/OS, OS/390 Pen testing tips/ideas/papers?

Hi all,
    One of my clients has an IBM OS/390 running on one of their networks I
am doing some security testing on, and considering I really have not dealt
with any IBM mainframes before when it comes to security, I was hoping that
some of you might be able to point me in the right direction. Anything would
be helpful, but especially from a penetration viewpoint.

Thank You,
Nick Jacobsen
Ethics Design
nick@ethicsdesign.com
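
The observation in the reply above (a capture that looks like garbage as ASCII but reads as plain text in EBCDIC) can be turned into a quick check for unencrypted host sessions. This is an added example, not part of the original thread; the cp037 code page, the 0.85 threshold and the sample payloads are assumptions constructed for illustration.

```python
"""Flag captured payloads that are unreadable as ASCII but clear text as EBCDIC."""
import string

# Characters counted as human-readable once a payload has been decoded.
READABLE = set(string.ascii_letters + string.digits + string.punctuation + " ")


def readable_ratio(payload: bytes, codec: str) -> float:
    """Fraction of the payload that decodes to a readable character."""
    if not payload:
        return 0.0
    # Undecodable bytes become U+FFFD, which is not in READABLE.
    text = payload.decode(codec, errors="replace")
    return sum(ch in READABLE for ch in text) / len(text)


def classify(payload: bytes, ebcdic_codec: str = "cp037",
             threshold: float = 0.85) -> str:
    """Return 'ascii-cleartext', 'ebcdic-cleartext' or 'opaque'.

    cp037 (US/Canada EBCDIC) is an assumption; a site may use another
    EBCDIC code page such as cp500, which differs in some punctuation.
    """
    if readable_ratio(payload, "ascii") >= threshold:
        return "ascii-cleartext"
    if readable_ratio(payload, ebcdic_codec) >= threshold:
        return "ebcdic-cleartext"
    # Encrypted or binary data is mostly unreadable under both decodings.
    return "opaque"


# Constructed samples (not taken from any real capture).
EBCDIC_SAMPLE = ("System: SYSTEM01 Subsystem: QINTER "
                 "Display: QPADEV0001").encode("cp037")
ASCII_SAMPLE = b"GET /index.html HTTP/1.0"
OPAQUE_SAMPLE = bytes(range(256))  # stand-in for encrypted/binary payload

if __name__ == "__main__":
    for name, data in [("ebcdic", EBCDIC_SAMPLE), ("ascii", ASCII_SAMPLE),
                       ("opaque", OPAQUE_SAMPLE)]:
        print(f"{name:7s} ascii={readable_ratio(data, 'ascii'):.2f} "
              f"ebcdic={readable_ratio(data, 'cp037'):.2f} "
              f"-> {classify(data)}")
```

Payloads classified as `ebcdic-cleartext` indicate a session that is not protected by SSL and whose contents anyone on the path can read.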
