Re: z/OS, OS/390 Pen testing tips/ideas/papers?

From: Rainer Duffner (rainer@ultra-secure.de)
Date: 01/30/03

Next message: Davi Ottenheimer: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"

Previous message: visigoth: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
In reply to: Nick Jacobsen: "z/OS, OS/390 Pen testing tips/ideas/papers?"
Next in thread: Davi Ottenheimer: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Rainer Duffner" <rainer@ultra-secure.de>
To: pen-test@securityfocus.com
Date: Thu, 30 Jan 2003 14:57:24 +0100

Nick Jacobsen writes:

> Hi all,
> One of my clients has an IBM OS/390 running on one of their networks
> I am doing some security testing on, and considering I really have
> not dealt with any IBM mainframes before when it comes to security,
> I was hoping that some of you might be able to point me the right
> direction. Anything would be helpful, but especially from a
> penetration viewpoint.

Are you attacking from internal or external ?
From internal, you first need a 3270-capable telnet-emulation, like x3270.

Then, go back in the archives to June or so, where I posed the same question
and got some default-passwords, which you can try.

Rainer

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Rainer Duffner                   Munich
rainer@ultra-secure.de          Germany
http://www.i-duffner.de        Freising
========================================
    When shall we three meet again
  In thunder, lightning, or in rain?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Davi Ottenheimer: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
Previous message: visigoth: "Re: z/OS, OS/390 Pen testing tips/ideas/papers?"
In reply to: Nick Jacobsen: "z/OS, OS/390 Pen testing tips/ideas/papers?"
Next in thread: Davi Ottenheimer: "RE: z/OS, OS/390 Pen testing tips/ideas/papers?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

IBM AIX 4.3.x and 5.1: Buffer overflow vulnerability in telnet daemon
... Subject: IBM AIX 4.3.x and 5.1: Buffer overflow vulnerability in telnet daemon ... IBM Global Services ... IBM Managed Security Services with access to the security advisories ...
(Bugtraq)
IBM AIX: Buffer Overflow Vulnerability in libi18n Library
... IBM Global Services ... IBM Managed Security Services with access to the security advisories ... IBM MSS is forwarding the following information from IBM. ...
(Bugtraq)
[NEWS] Cisco Voice Products Vulnerabilities on IBM Servers
... Get your security news from a reliable source. ... The default installation of Cisco voice products on the IBM platform will ... * All operating system versions running on an IBM server prior to OS ...
(Securiteam)
IBM AIX: Buffer Overflow Vulnerabilities in lpd
... IBM Global Services ... IBM Managed Security Services with access to the security advisories ... The Line Printer daemon, lpd, shipped with AIX contains several ...
(Bugtraq)
RE: SQL
... Subject: SQL ... >> This list is provided by the SecurityFocus Security ... For more information on SecurityFocus' SIA service which ... >This list is provided by the SecurityFocus Security Intelligence Alert ...
(Pen-Test)