Radoslaw Skorupka wrote: >> How did they tested it? Obtained a real copy of RACF DB and do your cracking? >I bet, yes. Do you want real copy of RACF db? I'll create it for you. >Tell me the usernames and passwords you want to have.
I'm too lazy to do that, I'll have rather mow my lawn. ;-D >If you have the copy, the rule of 'n strikes' won't work. True. >BTW: how do you block IP address ot the attacker? What type of attacks are >considered ? Any type. We have experienced some attacks with well known ids/password combinations. We shut down the application and blocked the IP addresses. One auditor tried using audit tools to ping IP addresses and ports using well known names like SYSTEM, IBMUSER, etc. My network guy got really annoyed+p*ssed off and blocked the auditor. This led to complaints that the auditor can't do his work. My network guy got the final word: that if any penetration test is to be done, it has to be done as scheduled without disrupting production work. ;-) >> I'm more concerned about INSIDERS trying to do 'strange' transactions. >Almost all brute force against RACF require participation f insider. Indeed. All tools I know, ask you that you download as INSIDER the RACF DB to your workstation and then do your crack. >Regards Thanks. The same to you too! ;-D Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN