It's good, I think, that the HMC does this. We're it an actual emergency, it'd be the desired behavior. I wonder if the HMC couldn't be configured to either block the scanning IP range or whitelist it so as to not phone home. I'd push IBM on this a little.
I know of shops that don't even scan the HMC or mainframe itself because "some time ago" the TCP/IP stack crashed after a scan - or some such. That might be an ok temporary solution (crashing the stack isn't probably a good thing to do regularly) but definitely not scanning seems short-sighted. Agree the wolf could win the day here, but I'm not sure the wolf is the scanners The system should be able to discern an internal scan or ignore such attempted connections. Chad > On Oct 19, 2015, at 11:58, J O Skip Robinson <[email protected]> wrote: > > We have sort of the opposite 'problem'. Our network security people run some > kind of probe against every device found on our network. When it pokes the > HMC, he calls home and reports a possible intruder. Then Support Center opens > an incident and our CE gets dragged in. I tried to get the HMCs exempted from > our internal probe. No dice. No exceptions. Our guys actually told me to ask > Support Center to ignore the HMC complaint. > > We all know the classic tale of the boy who cried wolf. If you recall, it was > the wolf who won the day. > > . > . > . > J.O.Skip Robinson > Southern California Edison Company > Electric Dragon Team Paddler > SHARE MVS Program Co-Manager > 626-302-7535 Office > 323-715-0595 Mobile > [email protected] > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of David L. Craig > Sent: Monday, October 19, 2015 9:22 AM > To: [email protected] > Subject: (External):Re: IBM > >> On 15Oct16:1752+0000, Lance D. Jackson wrote: >> >> This is disturbing: >> http://www.wsj.com/articles/ibm-allows-chinese-government-to-review-so >> urce-code-1444989039 > > If your only concern is IP misappropriation, I understand your concern. > My concern is the possibility of backdoors in appliances like the HMC and SE > boxen. The problem is we don't know just what the Chinese are looking at nor > for. Neither can we know if any apparent acceptance by them of the code as > untainted is applicable to the code our machines are running. Are any other > customers receiving such preferential treatment (perhaps the good folks at No > Such Agency)? > -- > <not cent from sell> > May the LORD God bless you exceedingly abundantly! > > Dave_Craig______________________________________________ > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
