|
I have not seen this info posted here, if I am repeating someone else I apologize. There is software called l0phtcrack. This software can obtain most passwords on an NT domain within 60 seconds if the user can access the registry, sams file, or password file. It can obtain passwords by just listening on the network without signing on by using SBM packet capture. What does this matter on the AS/400? If you are like many organization, your users have the same password on the network as the AS/400. If a hacker can hack at a weaker NT platform for a password, he can usually use it on more secure platforms such as the AS/400. The site is at http://www.l0pht.com/ In some cases the AS/400 is easier to capture passwords on. If you are using Telnet, FTP, or using a router such as NetSoft Elite, or NetWare SAA to connect to the AS/400, then your passwords are probably going over the wire without any encryption. I have successfully captured user ID's and Password by using a packet capture software. The capture is in ASCII format, so I convert it to EBCDIC and I have the user ID/Password. PS:I am involved in securing my network, not in breaching others. +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
