I thought the Soldier of Fortran guy had been updating and providing uss specifics for some open source penetration tests.
Rob Schramm On Thu, Jul 12, 2018 at 2:14 PM Seymour J Metz <[email protected]> wrote: > If it works it's because they didn't properly configure the server. Just > connecting to the server isn't enough to send an e-mail to it. RFC 4954 > came out in July 2007 and RFC 2554 came out in March 1999. sendmail has > supported it since 8.10. > > > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf > of ITschak Mugzach <[email protected]> > Sent: Thursday, July 12, 2018 1:08 PM > To: [email protected] > Subject: Re: Seeking a tool to do a network security scan of z/OS > > Shmuel, > > I refill the refrigerator doing pentests. I done this and many other > attacks on clients mainframes and in 90% of the cases, I am able to send > emails using the mainframe smtp configured as an MTA. if you look at you > smtp server log you might see some TCP connections (bingo!) or just users > who write a different domain name in the from clause. > > Trust me, it work. > > ITschak > > On Thu, Jul 12, 2018 at 6:36 PM Seymour J Metz <[email protected]> wrote: > > > Does your SMTP server not do authentication? That would certain get the > > auditors' attention. > > > > Do your users respond to phish attempts? Another security problem, and > one > > that has nothing to do with the mainframe. > > > > I suppose it's to much to expect for users to look at the trace fields to > > determine the provenances of messages. > > > > > > -- > > Shmuel (Seymour J.) Metz > > http://mason.gmu.edu/~smetz3 > > > > ________________________________________ > > From: IBM Mainframe Discussion List <[email protected]> on behalf > > of ITschak Mugzach <[email protected]> > > Sent: Wednesday, July 11, 2018 4:35 PM > > To: [email protected] > > Subject: Re: Seeking a tool to do a network security scan of z/OS > > > > Do you mean outside of the mainframe? Not as a single package, but NMAP > > will show you which ports are opened on the mainframe. If your mainframe > > answers the scan, you already have a problem... Now assume that port 25 > is > > open and your mail server is configured an MTA. One can connect to the > > server with HELLO call and send emails under fake name and domain as spam > > to collect userids, passwords and other secrets. > > > > It's a good idea to have an extra agent to IronSphere to do that -) > > > > ITschak > > > > On Wed, Jul 11, 2018 at 9:53 PM Dyck, Lionel B. (RavenTek) < > > [email protected]> wrote: > > > > > Is there a tool available that can do a network security scan of a z/OS > > > system to identify network vulnerabilities? > > > > > > thanks > > > > > > > > > -------------------------------------------------------------------------- > > > Lionel B. Dyck (Contractor) <sdg>< > > > Mainframe Systems Programmer - RavenTek Solution Partners > > > > > > > > > > > > ---------------------------------------------------------------------- > > > For IBM-MAIN subscribe / signoff / archive access instructions, > > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > > > > > -- > > ITschak Mugzach > > *|** IronSphere Platform* *|* *Information Security Contiguous Monitoring > > for Legacy **| * > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > > -- > ITschak Mugzach > *|** IronSphere Platform* *|* *Information Security Contiguous Monitoring > for Legacy **| * > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- Rob Schramm ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
