Re: [PEN-TEST] Port 139 Open on AS400 a Security Issue?

[TOM SUTHERLAND <tsuther () SILVER-LAKE COM>]

My guess is it's the AS/400's native PC file sharing mechanism,
Netserver.  This is relatively new to the AS/400, and it wouldn't
suprise me if there were a few holes....

You might try ending the Netserver subsystem (if you don't use
Netserver) then use netstat to see if it's still listening.

That doesn't answer your question, does it. :0  Is there a reason you
need it open?

Tom Sutherland
tsuther () silver-lake com

-----Original Message-----
From: Adams, MarkRobert [mailto:mradams () KPMG COM]
Sent: Friday, August 25, 2000 4:44 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: [PEN-TEST] Port 139 Open on AS400 a Security Issue?


Are there any problems with having port 139 open on an AS400?  Everyone
knows why it's bad on M$, but I'm not sure what the security issues are
on
the AS400.

> Mark Adams
> KPMG LLP
> Information Risk Management
> mradams () kpmg com
************************************************************************
*****
The information in this email is confidential and may be legally
privileged.
It is intended solely for the addressee. Access to this email by anyone
else
is unauthorized.

If you are not the intended recipient, any disclosure, copying,
distribution
or any action taken or omitted to be taken in reliance on it, is
prohibited
and may be unlawful. When addressed to our clients any opinions or
advice
contained in this email are subject to the terms and conditions
expressed in
the governing KPMG client engagement letter.
************************************************************************
*****