1.  Home
  2. MIDRANGE-L
  3. April 2020

RE: QSYS.LIB under IFS root

Another vector they will use is the domain. If the IBM i is on the same
domain as the AD or other systems, then that provides another attack vector.
We've been suggesting multiple domains for major sets of systems. A pain to
get set up and initial administration, but it's paid off in avoiding one of
the vectors the bad guys use.

--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Justin
Taylor
Sent: Monday, April 27, 2020 8:55 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: QSYS.LIB under IFS root

That would be an example of "security by obscurity". It is a common pattern
among various malware to hit mapped drives on the affected PC. That doesn't
mean the malware couldn't hit other network shares as well.



-----Original Message-----
From: iseriesstuff [mailto:iseriesstuff@xxxxxxxxx]
Sent: Monday, April 27, 2020 7:33 AM
To: midrange-l@xxxxxxxxxxxxxxxxxx
Subject: Re: QSYS.LIB under IFS root

I understand that point, but if the drive is not "mapped", can the
ransomware find the path if it contains the $ character in it? So my share
location is trytofindme$. I dont map a drive to. Can the ransomeware still
find it?

I do agree about not sharing root by the way, this is more a just wondering
question.

On 4/27/2020 8:24 AM, Rob Berendt wrote:
Yes. But you're really missing the point. If the user who is using this
share has a pc which gets hit by ransomeware it will lock all objects on
your IBM i and it will basically be toast.
Remove the share.

Rob Berendt

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate link:
https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.