
Mainframes connected to the Internet - danners
http://mainframesproject.tumblr.com/
======
mattzito
Random mainframe anecdote: I remember a client in the early 2000s who had a
non-IBM mainframe that when originally implemented and designed predated the
wide availability of Ethernet and TCP/IP. Everyone knew it was a piece of junk
by the time I got involved, but their whole manufacturing system ran on it.

In order to bring it up to some semblance of modernity and allow it to print
to their shop printers, which were IP-driven, they had to get a third-party to
procure and install (or build?) an ethernet interface for the machine, and
fired up the TCP/IP stack. It kept crashing when they put it on the network,
until they finally figured out that the issue was that the TCP/IP stack didn't
understand multicast packets, and so whenever a stray multicast packet hit the
interface, the whole thing threw up its hands and gave up.

The solution was to keep the mainframe on a private network segment behind a
firewall, not for security's sake, but because it was the only way to ensure
no multicast packets would hit it and halt production in three different
factories.

~~~
krylon
Wow.

I managed to crash the TCP/IP stack on z/OS during my training with a runaway
Perl script that inadvertently had turned into a fork bomb. Luckily, it was
just a testing/development system, and SNA kept working, so the only person to
notice was the monitoring guy. And that system was IPL'ed on a regular basis
(with the next one scheduled one or two days from that incident), so it was no
biggie. I was really freaking out, though, until the others assured me that it
was not a problem - "This is exactly why we don't let trainees on the
production systems", as my supervisor put it.

Since that day, I only use fork() very, very cautiously. :)

------
danners
Interesting article / post about how to scan for mainframes:

[https://isc.sans.edu/forums/diary/The+80s+called+They+Want+Their+Mainframe+Back/14869/](https://isc.sans.edu/forums/diary/The+80s+called+They+Want+Their+Mainframe+Back/14869/)

------
aus_
For the security researchers out there, mainframes are really
under-researched. There just aren't many people that have the expertise in the
platform required for security research. And most of the people who do have
expertise in the platform are often oblivious to technologies outside of the
mainframe. (If you've ever dealt with mainframe people, you might know what I
am talking about.) It's unfortunate, but too often true. Our best mainframe
guy is brilliant. I've never met anyone more technically skilled in his
platform. But ask him a basic Windows or a Linux question? Forget it.

With today's complex stack of multiple platforms in most enterprises, a good
security researcher, IMHO, should be fluent with both worlds. Mainframes are
where some of our most critical data is stored. When you pull up your account
balance through your bank's website, there's a good chance that value was read
off a mainframe.

Mainframers are old-school. They don't believe in public disclosure or open
security models or public audits. If you go through the DEFCON and BlackHat
archives, there's not much mainframe research out there. There's just a small
community of mainframers on the Internet, but it's a significant part of the
world's infrastructure. The mainframe world is a crazy alternate reality. (I
know, because it's my day job.)

Phillip Young, the guy who owns this Tumblr project, has made some waves in
this community. His talks are a great place to start. Here's a few resources
to get you started:

[0]: [http://mainframed767.tumblr.com/](http://mainframed767.tumblr.com/)

[1]: [http://bigendiansmalls.tumblr.com/](http://bigendiansmalls.tumblr.com/)

[2]: [https://media.blackhat.com/us-13/US-13-Young-Mainframes-The-Past-Will-Come-Back-to-Haunt-You-Slides.pdf](https://media.blackhat.com/us-13/US-13-Young-Mainframes-The-Past-Will-Come-Back-to-Haunt-You-Slides.pdf)

[3]: [http://www.slideshare.net/bigendiansmalls/security-necromancy-publish](http://www.slideshare.net/bigendiansmalls/security-necromancy-publish)

[4]: [https://defcon.org/images/defcon-22/dc-22-presentations/Young/DEFCON-22-Philip-Young-From-root-to-SPECIAL-Hacking-IBM-Mainframes-Updated.pdf](https://defcon.org/images/defcon-22/dc-22-presentations/Young/DEFCON-22-Philip-Young-From-root-to-SPECIAL-Hacking-IBM-Mainframes-Updated.pdf)

[5]: [https://www.youtube.com/watch?v=Xfl4spvM5DI](https://www.youtube.com/watch?v=Xfl4spvM5DI)

[6]: [https://www.youtube.com/watch?v=5Ra4Ehmifh4](https://www.youtube.com/watch?v=5Ra4Ehmifh4)

Also, IBM.com has a wealth of documentation. (They have terrible SEO though.)
Check out the z/OS RedBooks and manuals there.

~~~
zatkin
The difficulty I see in trying to get involved with mainframes is that I can't
physically tinker with one to get those "aha" moments.

~~~
aus_
You can blame IBM for that. The fact that they haven't made it easy for
security researchers (or anyone really) to tinker hurts the platform.

Up until a few years ago, there was no legal way to run z/OS on hardware that
wasn't a million dollar hunk of iron from IBM. IBM has since made a product
called Rational Developer and Test Suite [0] available. With it, you get an
emulator and a licensed copy of z/OS that you can run on x86. Except it's
$9,500 / year.

The only saving grace is an open source project called Hercules [1] which
emulates the z/Architecture. If you don't mind breaking some copyright laws,
there is no technical reason why you can't download a copy of z/OS and run it
under Hercules. But good luck finding the latest version. Want to test your
research against the latest maintenance levels? Good luck.

[0]: [http://www-03.ibm.com/software/products/en/ratideveandtestenviforsystz](http://www-03.ibm.com/software/products/en/ratideveandtestenviforsystz)

[1]: [http://www.hercules-390.eu/](http://www.hercules-390.eu/)

[2]: [http://mainframed767.tumblr.com/post/40836059586/instructions-to-installing-zos-in-hercules](http://mainframed767.tumblr.com/post/40836059586/instructions-to-installing-zos-in-hercules)

------
joeshaw
On a related note, there are an alarmingly large number of hosts listening on
port 23 (unencrypted telnet) on the internet:
[https://www.shodan.io/search?query=port%3A23](https://www.shodan.io/search?query=port%3A23)

Most of them seem to be interfaces to network switches.

------
hellbanner
How do I connect to one of these on Linux or OS X?

~~~
sp332

      $ telnet 212.221.26.7 23

~~~
hellbanner
Thanks, I was trying nc.

------
ExpiredLink
BTW, if someone wants to professionally connect Mainframes and Internet:
[http://www.softwareag.com/corporate/products/adabas_natural/appl_mod/products/applinx/overview/default.asp](http://www.softwareag.com/corporate/products/adabas_natural/appl_mod/products/applinx/overview/default.asp)

------
yarrel
No Gibsons?

~~~
knieveltech
I see what you did there.

