1.  Home
  2. MIDRANGE-L
  3. September 2001

RE: QIBM_QTG_DEVINIT - Telnet Device Initialization Exit Program

Couple of questions.

1. The sample exit progs ive seen for Telnet seem to use
IP addressing as their main method of determining
who to allow/disallow in. Any other considerations
in particular? ( its not like FTP where the obvious ones
also include Directorys and commands..)

2. What determines its Telnet? I understand that some
clever people can use non std ports to attach to machines
via telnet/FTP. eg: telnet to port 110 (pop3) on an NT box.
Is that relavent here? What is it that actually kicks off
the exit program - the port or the telnet server?


3. Ran some IP tools against our IP devices to test general security,
eg: Cisco rtr, AS/400.
Came up with a comment about "TCP Sequence Prediction:"
Cisco came up with truly Random - tough nut.
AS/400 came up with xxxxx - a joke!

What is this, what does it mean, and can we do anything about it?



Ian.



( just trying to tie down my machine a bit more..)



-----Original Message-----
From: John Earl [mailto:johnearl@powertechgroup.com]
Sent: Friday, 21 September 2001 8:40
To: midrange-l@midrange.com
Subject: Re: QIBM_QTG_DEVINIT - Telnet Device Initialization Exit
Program



> Does anyone know when this Exit point is triggered.  Is it when the
sign on screen is displayed, or when the user presses enter after
putting in there user name and password?
>

The Telnet Init exit program is triggered when the client first
attempts to make contact with the OS/400 telnet server (the INIT
statement).  More specifically, when your PC reaches out and taps the
AS/400 on the shoulder and says "I want a Telnet session".  Control is
then passed to the Exit program, and it decides whether the user will
be presented with a terminal session.

Be aware that if you are trying to control Telnet by user, the
following rules apply:

If you're using Client Access Express (or a _few_ of the other 3rd
party emulation tools that support the Telnet 5250E protocol), and you
choose the bypass signon option, then the users OS/400 User ID is
transmitted with the Telnet Init Request.

If you're not using a 5250E capable client, or you do not bypass
signon, the user profile that the INIT runs under will always be QTCP.
When the OS/400 Signon screen is displayed, the real user can signon.

HTH,

jte


--
John Earl                              johnearl@powertechgroup.com
The Powertech Group          www.powertechgroup.com
Kent, Washington, USA       +1 253-872-7788



_______________________________________________
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@midrange.com
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
or email: MIDRANGE-L-request@midrange.com
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.