Jon,
On Tue, 12 Feb 2008, Jon Kibler wrote:
Hi,
I have a client with AS400s on their LAN. They want a vulnerability
scan, but having been burned in the past, I want to ask before doing:
Are there any issues with scanning (nmap, nessus, etc.) AS400s?
Personally, I've never experienced availability problems while pen-testing
AS/400 boxen, but since they're usually an extremely critical point of a
Customer's infrastructure I'd recommend you not to perform any potentially
dangerous operations on them.
For instance, I wouldn't feel comfortable with insane timing Nmap scans,
and I would think twice before blindly running a Nessus scan. You should
also pay special attention to brute force attacks, that might cause
account lockouts or worse, depending on target's configuration.
The rule of thumb here is: don't abuse automated scanners and be gentle;)
Also, make sure that your Customer knows about the risks, so that you may
agree in advance on what to test (e.g. only "stable" services?), when to
test (e.g. at night or during the week-end?), and so on.
While I am at it, any good information on AS400 security? I see a few
corporately published books for sale on the net about AS400 security,
but I don't want to drop a couple of grand for a book by some
organization I am not familiar with.
This is a good starting point on AS/400 security:
http://www.venera.com/downloads.htm
I bought Shalom's "Hacking iSeries" book, and i'm very satisfied with it.
Official IBM documentation and Google are your friends as well;)
Hope this helps,
--
Marco Ivaldi, OPST
Red Team Coordinator Data Security Division
@ Mediaservice.net Srl http://mediaservice.net/
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
