Unlock the userid and reset the password.

-----Original Message-----
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of 
William Boyer
Sent: Thursday, February 27, 2020 1:06 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: SERVAUTH (RACF CLASS) profile causing a looping CPU

[CAUTION: This Email is from outside the Organization. Do not click links or 
open attachments unless you trust the sender.]

We have defined SERVAUTH profiles EZB.NETACCESS.x.x.x and made the appropriate 
entries in SYS1.TCPPARMS (PROFILE) NETACCESS. (Our client requires that we 
follow the DISA STIG which requires these profiles to be setup.)

Everything was working as designed until...

One of our employees was attempting to transfer, using NDM aka Connect:Direct, 
several datasets from a client site to our site and they typed their password 
incorrectly.  Apparently he typed it wrong three times and that revoked his 
userid.  But the other datasets the client NDM had on their queue tried to 
initiate the TCP/IP connection. The SERVAUTH profile was checked and RACF 
returned a NOT AUTHORIZED because he was a revoked user which broke the TCP/IP 
connection.  The originating NDM only saw the connection drop so it tried to 
reconnect:  7,460 times in around 27 minutes. Apparently this much TCP/IP 
traffic was enough to cause other things to fail.  I was able to stop our NDM 
from the operator console but could not get logged on to TSO.

Question.  Any ideas on how to stop this kind of looping?  (Removing NETACCESS 
is not an option.)

While this was unintentional it seems by enabling the SERVAUTH TCP/IP NETACCESS 
we now have easy way for someone to institute a denial of service.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
::DISCLAIMER::
________________________________
The contents of this e-mail and any attachment(s) are confidential and intended 
for the named recipient(s) only. E-mail transmission is not guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or may contain viruses in transmission. 
The e mail and its contents (with or without referred errors) shall therefore 
not attach any liability on the originator or HCL or its affiliates. Views or 
opinions, if any, presented in this email are solely those of the author and 
may not necessarily reflect the views or opinions of HCL or its affiliates. Any 
form of reproduction, dissemination, copying, disclosure, modification, 
distribution and / or publication of this message without the prior written 
consent of authorized representative of HCL is strictly prohibited. If you have 
received this email in error please delete it and notify the sender 
immediately. Before opening any email and/or attachments, please check them for 
viruses and other defects.
________________________________

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to