e blocked for e.g. 60min. That will make ddos
> even harder. All numbers in the sample are configurable.
> I wonder if the apar disconnects the socket after a false attempt?
>
> Denis.
>
> -Original Message-
> From: Pommier, Rex
> To: IBM-MAIN
> Sent: Thu, Ja
y, January 23, 2020 9:31 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
The apar is meant to deal with those types of hacks, where someone has a list
of userids and then just try to logon to TSO by connecting and attempting to
logon to TSO. Without the apar/parm, the normal lo
numbers in the sample are configurable.
I wonder if the apar disconnects the socket after a false attempt?
Denis.
-Original Message-
From: Pommier, Rex
To: IBM-MAIN
Sent: Thu, Jan 23, 2020 4:31 pm
Subject: Re: [External] Re: IBM AOAR O44855
On 1/23/2020 9:32 AM, Peter Vander Woude wrote
On 1/23/2020 9:32 AM, Peter Vander Woude wrote:
> The apar is meant to deal with those types of hacks, where someone has
> a list of userids and then just try to logon to TSO by connecting and
> attempting to logon to TSO. Without the apar/parm, the normal logon
> screen shows the person IF th
On 1/23/2020 9:32 AM, Peter Vander Woude wrote:
The apar is meant to deal with those types of hacks, where someone has a list
of userids and then just try to logon to TSO by connecting and attempting to
logon to TSO. Without the apar/parm, the normal logon screen shows the person
IF the useri
users id
revoked, the premise is valid to prevent the identification of someone with TSO
access is very valid.
<<<<
Subject:
Re: IBM AOAR O44855
From: Seymour J Metz
Reply-To: IBM Mainframe Discussion List
Date: Tue, 21 Jan 2020 16:31:42 +
That opens
: IBM Mainframe Discussion List on behalf of
Paul Gilmartin <000433f07816-dmarc-requ...@listserv.ua.edu>
Sent: Tuesday, January 21, 2020 3:00 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
On Tue, 21 Jan 2020 10:40:07 -0800, Charles Mills wrote:
>I do not disagree. The
, January 22, 2020 1:58 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
There are so many other alternatives to ddos by wide user revoke. Even if
you do not install the ptf, the attacker can use the pcomm (or whatsoever
is in use) API to perform the same type of attack.
ITschak
On Tue, Jan 21
ra Nitz
> Sent: Tuesday, January 21, 2020 2:14 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: IBM AOAR O44855
>
> >Is anyone using this feature
> https://www-01.ibm.com/support/docview.wss?uid=isg1OA44855
>
> I implemented TSO PrePrompt when I was RACF Admin. If
On Tue, 21 Jan 2020 10:40:07 -0800, Charles Mills wrote:
>I do not disagree. The decision to revoke is in the customer's hands. Before
>this APAR, the option to only say that the combination was invalid did not
>exist. So the APAR is 100% a good thing.
>
(some topic drift)
I suspect (novice) that
On Tue, 21 Jan 2020 10:40:07 -0800, Charles Mills wrote:
>I do not disagree. The decision to revoke is in the customer's hands. Before
>this APAR, the option to only say that the combination was invalid did not
>exist. So the APAR is 100% a good thing.
>
If it's desirable to prevent disclosure of
20 10:22 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
There are two separate issues:
1. Should you only say that the userid/password combination is bad? I have
no problem with that.
2. Should you auto-revoke after n failed attempts? That's the vector for
the DOS attack
16 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
It's true. And there are various sources that will give the bad guy one or
more candidate userids -- with any luck a senior sysprog id -- for a given
site. Think of the IBMMAIN archives, for example. Or sites where th
ist [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Seymour J Metz
Sent: Tuesday, January 21, 2020 8:32 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
That opens the way to a denial of service attack; someone can write a script
to cause revocation of a
: Tuesday, January 21, 2020 2:14 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
>Is anyone using this feature
>https://www-01.ibm.com/support/docview.wss?uid=isg1OA44855
I implemented TSO PrePrompt when I was RACF Admin. If someone is attempting to
hack into the mainframe
Yes. Any readiness review we perform checks this.
ITschak
On Tue, Jan 21, 2020 at 9:06 AM Brian Westerman <
brian_wester...@syzygyinc.com> wrote:
> I have several sites using it. The way it works is that the user enters
> the logon command or logon userid and instead of getting the entire full
>
>Is anyone using this feature
>https://www-01.ibm.com/support/docview.wss?uid=isg1OA44855
I implemented TSO PrePrompt when I was RACF Admin. If someone is attempting to
hack into the mainframe using userid/password, I didn't want them to know if
their userid was wrong or their password.
After
I have several sites using it. The way it works is that the user enters the
logon command or logon userid and instead of getting the entire full screen, it
just gets the prompt for the password. If the password is incorrect, (or if
they entered a bad userid to begin with) they get a message th
On Mon, 20 Jan 2020 15:44:11 -0600, Paul Gilmartin wrote:
>On Mon, 20 Jan 2020 15:17:00 -0600, Lionel B. Dyck wrote:
>
>>Is anyone using this feature
>>https://www-01.ibm.com/support/docview.wss?uid=isg1OA44855
We do.
>>
>Which says:
>***
2020 1:44 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: IBM AOAR O44855
On Mon, 20 Jan 2020 15:17:00 -0600, Lionel B. Dyck wrote:
>Is anyone using this feature
>https://www-01.ibm.com/support/docview.wss?uid=isg1OA44855
>
Which says:
On Mon, 20 Jan 2020 15:17:00 -0600, Lionel B. Dyck wrote:
>Is anyone using this feature
>https://www-01.ibm.com/support/docview.wss?uid=isg1OA44855
>
Which says:
* PROBLEM DESCRIPTION: This support provides the ability *
*
I played with it, er tested it a couple of years ago at my previous job. No one
expressed an interest in implementing it however.
Mark Jacobs
‐‐
Is anyone using this feature
https://www-01.ibm.com/support/docview.wss?uid=isg1OA44855
Lionel B Dyck <
Sent from my iPad Pro 10.5
Website: www.lbdsoftware.com
"Worry more about your character than your reputation. Character is what you
are, reputation merely what others think you are." - John