Folks, Its easy to target TCPIP but IMHO the issues are to do with its universal use, and the libraries used to implement it.
So I will just remind you all that what I think was one of the first nasty programs, the "CHRISTMA EXEC" worm, was actually spread over BITNET and VNET which at the time had no TCPIP. I wonder if any one still has filters in their RSCS user exists to block such files? https://en.wikipedia.org/wiki/Christmas_Tree_EXEC Also while the Morris worm https://en.wikipedia.org/wiki/Morris_worm did spread over TCPIP the holes it exploited did not require TCPIP and the systems it infected, BSD based systems, are generally thought to be "secure" but in this case were poorly configured. Lastly, many years ago when I was working on the SUCOMMS X.25 package for UK universities we did find a buffer overrun problem in the VM/SP SNA CCS code. That is the code that VTAM uses (well I think it still uses) to present terminals to VM. So, if we were using SNA or X25 or BiSync as universal transports, then I believe we could be finding security holes in them. Dave Wade ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
