Hi Nick This post is so simple that I expect the moderator of pen-test to drop it ;-) I've no former experience with pen-testing mainframes, but I've a bit of info I discovered while sniffing a network. In this network there was an IBM AS/400 with OS/400 v4.2, accessed using Client Access from NT machines. The info you can sniff from the wire "looks" like garbage, but if you look at it using EBCDIC (not ASCII) all communications were in clear text. I did some research at this time, and it seems that there's a patch for OS/400 v4.3 and above to implement SSL encryption. Kind regards, Miguel Dilaj "Nick Jacobsen" <nickat_private> 28/01/2003 13:24 Please respond to "Nick Jacobsen" To: <pen-testat_private> cc: Subject: z/OS, OS/390 Pen testing tips/ideas/papers? Hi all, One of my clients has an IBM OS/390 running on one of their networks I am doing some security testing on, and considering I really have not dealt with any IBM mainframes before when it comes to security, I was hoping that some of you might be able to point me the right direction. Anything would be helpful, but especially from a penetration viewpoint. Thank You, Nick Jacobsen Ethics Design nickat_private ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 10:17:01 PST