Jim

You seem also not to be familiar with the true USS (Unformatted System Services) as it is usually customized. Also it's not really a *VTAM* logon screen - either when used natively or, indeed, in this context since the USS function has been "borrowed" by the IP side of Communications Server in order to give something very similar to the same "look and feel" to the end user as if the 3270 - in this case - connection were purely SNA.

I say you appear not to be familiar since, as USS is typically customised, you don't have to *guess* application names (applids); a user-friendly token is usually offered in order to access the application. For example, the application name may be A77CICS but you will find simply "CICS" being offered as the way to gain access to this CICS application.

You can also typically enter the relevant userid following the application token but this is generally only a short cut to entering the userid once the first application panel is presented. It is here also where you will be expected to enter the password, assuming the application requires a password.

Whether or not guessing, perhaps programmatically, would have a chance of being successful will depend upon how many tries you get before further attempts are in some way barred.

I don't think you need to have feared any consequences for accessing what is strictly that particular customer's USS message 10 panel - or indeed entering various invalid tokens and getting the other USS messages in return. VTAM does not have a facility which logs invalid attempts to enter USS commands. It may even be interesting to examine the inventiveness in exploiting USS functions in the shape of the various USS messages, in particular USS message 5 - although that, rather stupidly, cannot be used very effectively by TN3270E.

Chris Mason

----- Original Message -----
From: "Jim Harrison" <[EMAIL PROTECTED]>
Newsgroups: bit.listserv.ibm-main
To: <[email protected]>
Sent: Friday, September 21, 2007 10:28 PM
Subject: Open 3270 connection on the net??


I was Googling for some MQ information this afternoon and happened upon a state IT website. Since it was a state I've often thought of moving to, I began browsing further to look at job postings and tried to find out where they were physically located. Somehow I came upon a link for HOD and of course I had to click on it. Guess what? The software loads and I have the magic button sitting in front of me - and of course, I had to click it. Lo and behold, I got the VTAM logon screen for their z/OS system! My question is, is this common? I can see doing it via a VPN, but open to the public? Granted, guessing their applids, userIDs & passwords would be quite difficult, but I am not a professional hacker, so I don't know for sure how big an exposure it is. I know our security people would freak if we had an open connect point. BTW, I closed the window, backed out immediately and didn't even try looking further.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
