In
874b151289704e46a874bf2ae6fdd8d12088e...@kl126r4b.cs.ad.klmcorp.net,
on 01/05/2015
at 03:45 PM, Vernooij, CP (ITOPT1) - KLM kees.verno...@klm.com
said:
What is the point in trying to find a valid userid, if the userid
will be suspended after trying 3 invalid passwords (in our
situation)?
On Sun, January 4, 2015 17:56, Paul Gilmartin wrote:
(why?) and must reconnect. Is there any way to get directly back to
IKJ56700A?
PA1. You won't get back to IKJ56700A but you can enter LOGON userid
there without a reconnect.
Regards,
Boris
Paul Gilmartin wrote:
My logon PROC is set up to bypass any solicitor and put me directly at:
IKJ56700A ENTER USERID -
userif
Review your solicitor to eliminate this pain.
Is there any way to get directly back to IKJ56700A?
Or even better, to change the Userid and continue with the
] On Behalf
Of Elardus Engelbrecht
Sent: Monday, January 05, 2015 6:27 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
Paul Gilmartin wrote:
My logon PROC is set up to bypass any solicitor and put me directly at:
IKJ56700A ENTER USERID -
userif
Review your solicitor
Groan, I hate it to correct myself, but I was contacted offlist that I'm wrong
... ouch, so early in 2015! ...
So here goes ...
SSHD doesn't tell me that 0123456789 is unknown to RACF, or even that it's
syntactically invalid. I can't use SSH to probe for known user IDs.
I believe this is
John McKown wrote:
Tony's Basement Computer wrote:
DoS, revoke all the non-Special and non-Protected users.
True. That concern was raised on RACF-L.
Hum, this sounds like a job for an IDS package. Perhaps something which would
dynamically update the z/OS firewall so that when an ID is
On Mon, 5 Jan 2015 09:48:28 -0600, Tony's Basement Computer wrote:
DoS, revoke all the non-Special and non-Protected users.
-Original Message-
From: Vernooij, CP (ITOPT1) - KLM
What is the point in trying to find a valid userid, if the userid will be
suspended after trying 3 invalid
Mike Wawiorko wrote:
Logon to TSO is an SNA session and not a (direct) IP connection. It may or may
not be from a tn3270 connection. If it is tn3270 the IP connection may well be
to another system and via a multi-session tool like TPX, Supersession, Tubes,
Multsess etc. where is the IP address
On 01/05/2015 09:35 AM, Paul Gilmartin wrote:
On Mon, 5 Jan 2015 07:21:28 -0800, Charles Mills wrote:
For TSO, you can probe for known user ids, but you will see a lot of LOGON
and IEA989I message in the SYSLOG.
Only if you set a specific SLIP trap for this condition.
In the video cited:
before printing this e-mail
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Elardus Engelbrecht
Sent: 05 January 2015 16:12
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
John McKown wrote:
...
all the tries were from
On 2015-01-05, at 09:24, Mike Wawiorko wrote:
Logon to TSO is an SNA session and not a (direct) IP connection. It may or
may not be from a tn3270 connection. If it is tn3270 the IP connection may
well be to another system and via a multi-session tool like TPX,
Supersession, Tubes, Multsess
] On Behalf
Of Joel Ewing
Sent: Monday, January 05, 2015 8:18 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
On 01/05/2015 09:35 AM, Paul Gilmartin wrote:
On Mon, 5 Jan 2015 07:21:28 -0800, Charles Mills wrote:
For TSO, you can probe for known user ids
@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Back years ago I worked at a Top Secret shop. That product wrote a console
message when a log on attempt has occurred that specified an unknown user.
Sadly, what was usually seen was a password. It's been years since I
@LISTSERV.UA.EDU] On
Behalf Of Joel Ewing
Sent: Monday, January 05, 2015 8:18 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
On 01/05/2015 09:35 AM, Paul Gilmartin wrote:
On Mon, 5 Jan 2015 07:21:28 -0800, Charles Mills wrote:
For TSO, you can probe
I do not believe you will get RACF SMF and console messages for this type
of probing. It is my understanding that TSO performs a RACROUTE
REQUEST=EXTRACT to obtain the data to fill in the various fields in the
logon panel. When retrieving or replacing fields, the RACF manual
explicitly states:
to work this way also.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Paul Gilmartin
Sent: Sunday, January 04, 2015 8:57 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: CANCEL TSO Logon?
My logon PROC is set up to bypass any solicitor
@LISTSERV.UA.EDU] On Behalf
Of Frank Swarbrick
Sent: Monday, January 05, 2015 6:06 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Something like this?ICH408I USER(MYPSWD99) GROUP() NAME(???
)
LOGON/JOB INITIATION - USER AT TERMINAL
@LISTSERV.UA.EDU] On Behalf
Of Lester, Bob
Sent: Monday, January 05, 2015 6:07 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
Hey Lou,
BTDT, *very* painful. Had to learn that one the hard way.
Cheers!
BobL
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM
Beep,beep,beep...Tape Mgr puts. INIT proc in one of STC Proclibs. Damn
that traffic jam.'
In a message dated 1/5/2015 6:17:54 P.M. Central Standard Time,
tbabo...@comcast.net writes:
Being old enough to remember the pre-Protected days, when this feature
appeared we implemented it into
On 5 January 2015 at 19:19, Tony's Basement Computer
tbabo...@comcast.net wrote:
Yep. BTW, how did Mr. Mainframehacker get to the TSO log on screen? Did
someone provide the magic VTAM command? I ask from ignorance because I
didn't watch 100% of the video and I'm not connect literate.
His
@LISTSERV.UA.EDU
Sent: Monday, January 5, 2015 9:57 AM
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Back years ago I worked at a Top Secret shop. That product wrote a console
message when a log on attempt has occurred that specified an unknown user.
Sadly, what was usually seen
: CANCEL TSO Logon? [ EXTERNAL ]
Hopefully all of your started proc user ids are PROTECTED otherwise those 3
invalid password attempts could cause you big problems.
Lou
--
Artificial Intelligence is no match for Natural Stupidity
- Unknown
On Mon, Jan 5, 2015 at 2:21 PM, Mike Schwab mike.a.sch
-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Something like this?ICH408I USER(MYPSWD99) GROUP() NAME(???
)
LOGON/JOB INITIATION - USER AT TERMINAL DVDU NOT RACF-DEFINED
The above was generated using the CICS CESN signon
IDs (was: CANCEL TSO Logon?)
On 5 January 2015 at 19:19, Tony's Basement Computer tbabo...@comcast.net
wrote:
Yep. BTW, how did Mr. Mainframehacker get to the TSO log on screen? Did
someone provide the magic VTAM command? I ask from ignorance because I
didn't watch 100% of the video and I'm
5, 2015 9:57 AM
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Back years ago I worked at a Top Secret shop. That product wrote a
console message when a log on attempt has occurred that specified an
unknown user. Sadly, what was usually seen was a password. It's been
years
Hopefully all of your started proc user ids are PROTECTED otherwise those 3
invalid password attempts could cause you big problems.
Lou
--
Artificial Intelligence is no match for Natural Stupidity
- Unknown
On Mon, Jan 5, 2015 at 2:21 PM, Mike Schwab mike.a.sch...@gmail.com wrote:
On Mon,
@LISTSERV.UA.EDU] On Behalf
Of Ed Finnell
Sent: Monday, January 05, 2015 4:29 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
Beep,beep,beep...Tape Mgr puts. INIT proc in one of STC Proclibs. Damn that
traffic jam.'
In a message dated 1/5/2015 6:17:54 P.M. Central Standard Time
On 01/05/2015 05:56 PM, Lou Losee wrote:
Hopefully all of your started proc user ids are PROTECTED otherwise those 3
invalid password attempts could cause you big problems.
Lou
--
Artificial Intelligence is no match for Natural Stupidity
- Unknown
On Mon, Jan 5, 2015 at 2:21 PM,
, Bob
Sent: Monday, January 05, 2015 6:07 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
Hey Lou,
BTDT, *very* painful. Had to learn that one the hard way.
Cheers!
BobL
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN
On Mon, Jan 5, 2015 at 9:45 AM, Vernooij, CP (ITOPT1) - KLM
kees.verno...@klm.com wrote:
What is the point in trying to find a valid userid, if the userid will be
suspended after trying 3 invalid passwords (in our situation)?
Kees.
But not if you keep rotating IDs. It is three in a row for
-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Mike Schwab
Sent: Monday, January 05, 2015 2:21 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
On Mon, Jan 5, 2015 at 9:45 AM, Vernooij, CP (ITOPT1) - KLM
kees.verno...@klm.com wrote:
What
.a user without a TSO segment ?
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Boris Lenz
Sent: Monday, January 05, 2015 9:44 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
On Mon, January 5, 2015 16:29, Charles
On Mon, 5 Jan 2015 07:21:28 -0800, Charles Mills wrote:
For TSO, you can probe for known user ids, but you will see a lot of LOGON
and IEA989I message in the SYSLOG.
Only if you set a specific SLIP trap for this condition.
In the video cited:
On Jan 2, 2015, at 3:31 PM, Mark Regan wrote:
DoS, revoke all the non-Special and non-Protected users.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Vernooij, CP (ITOPT1) - KLM
Sent: Monday, January 05, 2015 9:46 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon
On Mon, Jan 5, 2015 at 9:48 AM, Tony's Basement Computer
tbabo...@comcast.net wrote:
DoS, revoke all the non-Special and non-Protected users.
Hum, this sounds like a job for an IDS package. Perhaps something which
would dynamically update the z/OS firewall so that when an ID is revoked
due
Of Elardus Engelbrecht
Sent: Monday, January 05, 2015 7:09 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
Groan, I hate it to correct myself, but I was contacted offlist that I'm wrong
... ouch, so early in 2015! ...
So here goes ...
SSHD doesn't tell me that 0123456789 is unknown
, 2015 7:21 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: CANCEL TSO Logon?
For TSO, you can probe for known user ids, but you will see a lot of LOGON
and IEA989I message in the SYSLOG.
Only if you set a specific SLIP trap for this condition.
Charles
-Original Message-
From: IBM
On Mon, January 5, 2015 16:29, Charles Mills wrote:
I see no console message at all (absent some SLIP trap) for simply
testing a userid (as opposed to a userid and password). Did I miss it?
But you can probe for a valid userid on the logon panel. No message to the
syslog. If you don't get
My logon PROC is set up to bypass any solicitor and put me directly at:
IKJ56700A ENTER USERID -
userif
Oops! Typo. I recognize it by sight or by proprioception an instant
after I press ENTER. But USERIF is another valid user ID in my
department. I'm at the TSO GUI LOGON panel. I
I always just PF3 but yes, it does take you back more than just one step.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Paul Gilmartin
Sent: Sunday, January 04, 2015 8:57 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: CANCEL TSO
40 matches
Mail list logo