Mike Wawiorko wrote: >Logon to TSO is an SNA session and not a (direct) IP connection. It may or may >not be from a tn3270 connection. If it is tn3270 the IP connection may well be >to another system and via a multi-session tool like TPX, Supersession, Tubes, >Multsess etc. where is the IP address and on which system?
I know. Thanks for highlighting this. >As well as NAT many sites have a thin client with tn3270 on Citrix. Makes any >attempt to deal with DoS or userid/password misuse on the TSO system by >blocking an IP address futile and probably likely to block genuine users in >many configurations. Indeed. This is why I said things can get *interesting* ... And it is not only TSO, but also with DoS attack with scripted FTP jobs... We got a victim who used a machine infected with a keystroke device. That victim could not use his usual id, since that will get repeately revoked via a hidden FTP script. They resolved it by formatting the PC and destroyed that device. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN