Shmuel,

I refill the refrigerator doing pentests. I done this and many other
attacks on clients mainframes and in 90% of the cases, I am able to send
emails using the mainframe smtp configured as an MTA. if you look at you
smtp server log you might see some TCP connections (bingo!) or just users
who write a different domain name in the from clause.

Trust me, it work.

ITschak

On Thu, Jul 12, 2018 at 6:36 PM Seymour J Metz <sme...@gmu.edu> wrote:

> Does your SMTP server not do authentication? That would certain get the
> auditors' attention.
>
> Do your users respond to phish attempts? Another security problem, and one
> that has nothing to do with the mainframe.
>
> I suppose it's to much to expect for users to look at the trace fields to
> determine the provenances of messages.
>
>
> --
> Shmuel (Seymour J.) Metz
> http://mason.gmu.edu/~smetz3
>
> ________________________________________
> From: IBM Mainframe Discussion List <IBM-MAIN@listserv.ua.edu> on behalf
> of ITschak Mugzach <imugz...@gmail.com>
> Sent: Wednesday, July 11, 2018 4:35 PM
> To: IBM-MAIN@listserv.ua.edu
> Subject: Re: Seeking a tool to do a network security scan of z/OS
>
> Do you mean outside of the mainframe? Not as a single package, but NMAP
> will show you which ports are opened on the mainframe. If your mainframe
> answers the scan, you already have a problem... Now assume that port 25 is
> open and your mail server is configured an MTA. One can connect to the
> server with HELLO call and send emails under fake name and domain as spam
> to collect userids, passwords and other secrets.
>
> It's a good idea to have an extra agent to IronSphere to do that -)
>
> ITschak
>
> On Wed, Jul 11, 2018 at 9:53 PM Dyck, Lionel B. (RavenTek) <
> lionel.d...@va.gov> wrote:
>
> > Is there a tool available that can do a network security scan of a z/OS
> > system to identify network vulnerabilities?
> >
> > thanks
> >
> >
> --------------------------------------------------------------------------
> > Lionel B. Dyck (Contractor)  <sdg><
> > Mainframe Systems Programmer - RavenTek Solution Partners
> >
> >
> >
> > ----------------------------------------------------------------------
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
>
> --
> ITschak Mugzach
> *|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
> for Legacy **|  *
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>


-- 
ITschak Mugzach
*|** IronSphere Platform* *|* *Information Security Contiguous Monitoring
for Legacy **|  *

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to