1.  Home
  2. MIDRANGE-L
  3. January 2005

Re: IBM's benevolent hacking

Sorry about that, but I've probably already discussed this more than my 
boss wants.

Gotta go IPL www.dekko.com.  All sorts of stuff locked up on that i5.

Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





"Steve Landess" <sjl_abc@xxxxxxxxxxx> 
Sent by: midrange-l-bounces@xxxxxxxxxxxx
01/27/2005 02:49 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
"Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
cc

Subject
Re: IBM's benevolent hacking






Rob-

You almost sound like an IBM salesman:

"We know that there is a vulnerability in the OS for which there exists a 
current PTF, but you'll have to buy our service and spend thousands of 
dollars before we'll tell you what it is..."

Steve

----- Original Message ----- 
From: <rob@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, January 27, 2005 1:34 PM
Subject: RE: IBM's benevolent hacking


>A "level of service" of a particular TCP/IP service is determined by a
> standards body.  Thus if there is a higher one than is currently 
supported
> by OS/400 then it is my belief that someone out there is actually using
> it.
>
> Now, IBM does have a PTF that is supposed "to fix some vulnerability
> problems" with the service in question.  Would it raise the level of
> service to that currently offered on other platforms?  No.  Is this good
> enough, meaning, does it lock down the holes?  That I am still trying to
> determine.  Did I have this PTF on before their last foray?  Yes.  What
> ptf was it?  Sorry, but that points out what service we're talking 
about.
>
> Rob Berendt
> -- 
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
>
>
>
> "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 01/27/2005 02:11 PM
> Please respond to
> Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
>
>
> To
> "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
> cc
>
> Subject
> RE: IBM's benevolent hacking
>
>
>
>
>
>
> Let me get this straight.  You contracted with IBM for a security
> assessment, and they gave you a document in which there was at least one
> issue that was a TCP/IP security problem.
>
> This is where I get confused.  I don't know what a "TCP/IP level of
> service" is, but from your post, it seems there is a fix that involves
> some sort of patch to TCP/IP that is not available and will never be
> made available on OS/400.
>
> In summary, IBM has informed you of a security risk in the OS/400
> implementation of TCP/IP that IBM has said will not be fixed.  Is that
> correct?  If so, I'm sure I can find someone who has an opinion on that
> matter.
>
> A couple of other questions may help.  Is this problem fixed in pSeries
> or xSeries boxes?  Is it fixed by other OS vendors?  Is this problem
> something inherent in the RFC793 specification?  Has there been some
> additional RFC written that addresses this deficiency?
>
> Joe
>
>> From: rob@xxxxxxxxx
>>
>> Some are OS/400 TCP/IP specific.  I've opened PMR's and was told the
> newer
>> level of service is not offered under OS/400.  There was no plan on
> going
>> to that level of service.  So I don't know if I should throw chairs,
> open
>> DCR's or both.
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
> 
-- 
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.