On Mon, Jan 5, 2015 at 9:48 AM, Tony's Basement Computer < [email protected]> wrote:
> DoS, revoke all the non-Special and non-Protected users. > > Hum, this sounds like a job for an IDS package. Perhaps something which would dynamically update the z/OS firewall so that when an ID is revoked due to password limit exceeded _and_ all the tries were from a specific IP address (perhaps tied to one or more LU names), then do a "deny all" in the firewall to any attempt for that IP to connect to the system. If this is caused by a forgetful user (or someone silly enough to change their password before a 4 day weekend - it just happened here), then they need to call the help desk to reinstate their ID anyway, so I don't see where it would be any more inconvenient to have the help desk to have a tool which reinstates the ID and removes the firewall rule too. Too bad, IMO, the z/OS firewall is _nowhere_ near as easy to use as my Linux firewall. -- While a transcendent vocabulary is laudable, one must be eternally careful so that the calculated objective of communication does not become ensconced in obscurity. In other words, eschew obfuscation. 111,111,111 x 111,111,111 = 12,345,678,987,654,321 Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
