Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Vista
Penetration Testing
username and Password sent as clear text strings May 14 2008 10:39AM
jfvanmeter comcast net (6 replies)
Re: username and Password sent as clear text strings May 20 2008 12:06AM
Matthew Zimmerman (mzimmerman gmail com) (1 replies)
Re: username and Password sent as clear text strings May 20 2008 08:43AM
David Howe (DaveHowe Pentest googlemail com) (1 replies)
Re: username and Password sent as clear text strings May 21 2008 06:40PM
Matthew Zimmerman (mzimmerman gmail com) (1 replies)
Re: username and Password sent as clear text strings May 23 2008 09:39AM
David Howe (DaveHowe Pentest googlemail com)
Re: username and Password sent as clear text strings May 15 2008 02:35PM
Orlin Gueorguiev (orlin baturov com)
RE: username and Password sent as clear text strings May 15 2008 02:29PM
Jones, David H (Jones David H principal com) (1 replies)
Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 02:46AM
Brahnda A. Eleazar (brahnda e hermisconsulting com) (4 replies)
Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 17 2008 07:49AM
Rick Zhong (sagiko gmail com) (1 replies)
RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 26 2008 02:08AM
Brahnda A. Eleazar (brahnda e hermisconsulting com) (1 replies)
RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 27 2008 07:39AM
Adriano Leite (DHL CZ) (Adriano Dias Leite dhl com) (1 replies)
RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 29 2008 02:33AM
Brahnda A. Eleazar (brahnda e hermisconsulting com)
Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 05:08PM
pand0ra (pand0ra usa gmail com) (1 replies)
Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 09:46PM
pand0ra (pand0ra usa gmail com)
RE: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 12:39PM
Newton, Preston (cpnewton eprod com)
Re: Dangerous in using nmap for AS/400 730 machine configured with 3 ASPs? May 16 2008 07:08AM
Jon Kibler (Jon Kibler aset com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brahnda A. Eleazar wrote:
> Peace all,
>
> I am wondering whether this is related or not.
> I was in the middle of beginning a pentest activity for a network segment containing quite a number of AS400 (Production).
> I started with a simple nmap first to see what I am facing.
> My command was (IPs are masked) "nmap -sV -vv -p 8470-8476 -o firsttry_port.nmap xxx.xxx.xxx.0/24"
> This lasted for about 15 minutes.
>
> After about 2 hours later, 2 out of 50+ identifiable machines started having problems.
> They became very slow.
> Those two machines are using ASP (Auxiliary Storage Pools), 1 ASP on the 1st machine and 2 ASPs on the 2nd.
>
> I just want to get more information whether my nmap did anything "bad"? :)
>
> Thanks and Regards,
> =adley=
>
>

Most likely you hosed the IP stack. I wrote a question about this a few
months ago before I started testing a net with a couple of AS/400s. I
took out both boxes. I had forewarned the client that this was a good
possibility, and they were prepared.

Try to reboot the boxes. It worked for me.

If that does not work, you may have killed the NICs or BIOS/firmware. I
have seen that happen before on other non-PC equipment (security, HVAC,
etc.), but not AS/400s, but it is a possibility.

Lots of luck!

Please let us all know what you find.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkgtMtEACgkQUVxQRc85QlMy7wCfVs5H1SzvlkC+5+BAE/SQOFr/
vvsAn2OifUdhdg/TGGZRg1skxULnuiKD
=2qjB
-----END PGP SIGNATURE-----

==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.

------------------------------------------------------------------------

This list is sponsored by: Cenzic

Top 5 Common Mistakes
in Securing Web Applications
Find out now! Get Webinar Recording and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------

[ reply ]
RE: username and Password sent as clear text strings May 15 2008 12:33PM
Shenk, Jerry A (jshenk decommunications com)
Re: username and Password sent as clear text strings May 15 2008 03:12AM
Todd Haverkos (fsbo haverkos com) (1 replies)
Collection of problems in production systems while pen-testing - "Butterfly effect" May 27 2008 08:10AM
Adriano Leite (DHL CZ) (Adriano Dias Leite dhl com)
RE: username and Password sent as clear text strings May 15 2008 02:34AM
Shenk, Jerry A (jshenk decommunications com)







 

Privacy Statement
Copyright 2008, SecurityFocus