Would this qualify as a potential for a DOS attack?
IBM i 7.2, recent PTF's
CRTUSRPRF USRPRF(DUMMY) USRCLS(*USER) SPCAUT(*NONE)
Sign on as DUMMY
STRSQL (or any number of publicly available sql tools, most of which do
not require 5250 command line access)
select *
from qsys2.system_value_info
where system_value_name like 'QMAXS%'
If QMAXSGNACN>1
record the value for QMAXSIGN
SELECT OBJNAME
FROM TABLE (QSYS2.OBJECT_STATISTICS('QUSRSYS','MSGQ') ) AS X
Then for each object name returned attempt to sign on (QMAXSIGN + 1)
times. Apparently invalid FTP sessions will work just fine.
Would this end up disabling a plethora of user profiles on your system?
Sure, you may have user profiles secured, but not their message queues.
Otherwise it makes it really tough to receive messages. :-)
This is why we do not disable user profiles upon invalid sign on attempts.
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
