passwords (in our situation)?
And here we have a cultural divide. Open systems folks are quite
sensitive to the possibility of enumerating user IDs; less sensitive to
exhaustive password search, and feel that revoking a user's ID upon
detecting password probing invites that form of DoS. If I hadn't
On 01/05/2015 09:35 AM, Paul Gilmartin wrote:
On Mon, 5 Jan 2015 07:21:28 -0800, Charles Mills wrote:
For TSO, you can probe for known user ids, but you will see a lot of LOGON
and IEA989I messages in the SYSLOG.
Only if you set a specific SLIP trap for this condition.
In the video cited:
] On Behalf
Of Joel Ewing
Sent: Monday, January 05, 2015 8:18 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
On 01/05/2015 09:35 AM, Paul Gilmartin wrote:
On Mon, 5 Jan 2015 07:21:28 -0800, Charles Mills wrote:
For TSO, you can probe for known user ids
@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Back years ago I worked at a Top Secret shop. That product wrote a console
message when a log on attempt has occurred that specified an unknown user.
Sadly, what was usually seen was a password. It's been years since I
id which already had considerable
capabilities.
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Charles Mills
Sent: Monday, January 05, 2015 10:35 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO
I do not believe you will get RACF SMF and console messages for this type
of probing. It is my understanding that TSO performs a RACROUTE
REQUEST=EXTRACT to obtain the data to fill in the various fields in the
logon panel. When retrieving or replacing fields, the RACF manual
explicitly states:
@LISTSERV.UA.EDU] On Behalf
Of Frank Swarbrick
Sent: Monday, January 05, 2015 6:06 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Something like this? ICH408I USER(MYPSWD99) GROUP() NAME(???
)
LOGON/JOB INITIATION - USER AT TERMINAL
On 5 January 2015 at 19:19, Tony's Basement Computer
tbabo...@comcast.net wrote:
Yep. BTW, how did Mr. Mainframehacker get to the TSO log on screen? Did
someone provide the magic VTAM command? I ask from ignorance because I
didn't watch 100% of the video and I'm not connect literate.
His
@LISTSERV.UA.EDU
Sent: Monday, January 5, 2015 9:57 AM
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Back years ago I worked at a Top Secret shop. That product wrote a console
message when a log on attempt has occurred that specified an unknown user.
Sadly, what was usually seen
-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Something like this? ICH408I USER(MYPSWD99) GROUP() NAME(???
)
LOGON/JOB INITIATION - USER AT TERMINAL DVDU NOT RACF-DEFINED
The above was generated using the CICS CESN signon
I have no idea how he got the addresses
I suspect by scanning.
Charles
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Tony Harminc
Sent: Monday, January 05, 2015 4:44 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Enumerating User
5, 2015 9:57 AM
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Back years ago I worked at a Top Secret shop. That product wrote a
console message when a log on attempt has occurred that specified an
unknown user. Sadly, what was usually seen was a password. It's been
years
was generated using the CICS CESN signon transaction.
From: Tony's Basement Computer tbabo...@comcast.net
To: IBM-MAIN@LISTSERV.UA.EDU
Sent: Monday, January 5, 2015 9:57 AM
Subject: Re: Enumerating User IDs (was: CANCEL TSO Logon?)
Back years ago I worked at a Top Secret shop
I watched the flick and agree with a lot of what he said. He obviously
has no scruples about disclosing any and all information, but isn't that
how Open Source software protects itself? And if someone opens their
TN3270 port to the public internet, whose fault is that really?
One thing he
On Mon, 5 Jan 2015 07:21:28 -0800, Charles Mills wrote:
For TSO, you can probe for known user ids, but you will see a lot of LOGON
and IEA989I messages in the SYSLOG.
Only if you set a specific SLIP trap for this condition.
In the video cited:
On Jan 2, 2015, at 3:31 PM, Mark Regan wrote: