Penetration Testing mailing list archives
RE: AS400 Net Recon
From: "Rivest, Philippe" <Rivestp () metro ca>
Date: Fri, 15 Feb 2008 08:58:42 -0500
Hello, I came across a website a few months back that showed me a few things to test for AS400. I read the whole thing and I found it pretty nice even if I assume it is far from complete. I'm sending this as a reference. http://www.venera.com/ http://www.venera.com/downloads.htm FYI: If you're doing a pen-test get a written approval of the steps you may take and the possible effect (DOS). If the client does not want down time, I would strongly suggest having a test lab first. In both cases, get it down on paper. Hope this helps Merci Philippe Rivest, Certified Ethical Hacker Analyste en sécurité de l'information Métro Richelieu 450-662-3300x3115 PEst-ce vraiment nécessaire d'imprimer cette page ? -----Message d'origine----- De : listbounce () securityfocus com [mailto:listbounce () securityfocus com] De la part de Jon Kibler Envoyé : mardi 12 février 2008 15:12 À : pen-test () securityfocus com Objet : AS400 Net Recon Hi, I have a client with AS400s on their LAN. They want a vulnerability scan, but having been burned in the past, I want to ask before doing: Are there any issues with scanning (nmap, nessus, etc.) AS400s? While I am at it, any good information on AS400 security? I see a few corporately published books for sale on the net about AS400 security, but I don't want to drop a couple of grand for a book by some organization I am not familiar with. Any help appreciated. Jon K. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- AS400 Net Recon Jon Kibler (Feb 14)
- RE: AS400 Net Recon Rivest, Philippe (Feb 15)
- RE: AS400 Net Recon Bob Woods (Feb 15)
- Re: AS400 Net Recon Marco Ivaldi (Feb 15)
- Re: AS400 Net Recon xelerated (Feb 15)
- RE: AS400 Net Recon John Bussert (Feb 19)
- <Possible follow-ups>
- Fwd: AS400 Net Recon Sat Jagat Singh (Feb 15)