WT Hire AS400 Network Admin

[boost]

I don't know the as400 AT ALL! I tried searching for an as400 network admin but didn't have any real results so I figured maybe GH has a as400 guru.

We need to access the as400 from by using a site to site VPN. The tunnel is currently setup and is working. When the tunnel is active I can ping any servers on my and get a reply but for some ****ed up reason we can't access the as400 for ****. Tunnel is setup to allow TCP500/TCP4500/IP/Telnet.

Looking for some to configure the network side of the as400.

If by any luck that GB has a as400 guru, Please email at boost@geekhack.org with you hourly rate(will be paid via PP, company check, w/e), experience, ect**This is a time sensitive matter and needs to be resolved by Monday.

Thanks
Bost

[Trent]

I've audited some Unix style systems, AIX, HP-UX and have some knowledge in IBM z/OS.  I don't have a bunch of AS400 experience but I'm happy to attempt to help with my current knowledge.  I wouldn't say I'm billable to this nature though, since I don't have advanced experience with AS400.

Edit: And why Telnet?  SSH or bust.  Doesn't matter if it is an internal system or not, Telnet is a big no no.

[boost]

I've audited some Unix style systems, AIX, HP-UX and have some knowledge in IBM z/OS.  I don't have a bunch of AS400 experience but I'm happy to attempt to help with my current knowledge.  I wouldn't say I'm billable to this nature though, since I don't have advanced experience with AS400.

Edit: And why Telnet?  SSH or bust.  Doesn't matter if it is an internal system or not, Telnet is a big no no.

Clients wants telnet up for "testing" tho i don't know why and dont ask questions..

[Trent]

I've audited some Unix style systems, AIX, HP-UX and have some knowledge in IBM z/OS.  I don't have a bunch of AS400 experience but I'm happy to attempt to help with my current knowledge.  I wouldn't say I'm billable to this nature though, since I don't have advanced experience with AS400.

Edit: And why Telnet?  SSH or bust.  Doesn't matter if it is an internal system or not, Telnet is a big no no.

Clients wants telnet up for "testing" tho i don't know why and dont ask questions..

Ugh I've heard that before.  Ask why, ask questions.  It is sad to see enterprise level systems still with Telnet access.  Explain how bloody easy it is to sniff telnet passwords on an internal network with MiTM attacks.  SSH at least makes it more difficult.

[boost]

I've audited some Unix style systems, AIX, HP-UX and have some knowledge in IBM z/OS.  I don't have a bunch of AS400 experience but I'm happy to attempt to help with my current knowledge.  I wouldn't say I'm billable to this nature though, since I don't have advanced experience with AS400.

Edit: And why Telnet?  SSH or bust.  Doesn't matter if it is an internal system or not, Telnet is a big no no.

Clients wants telnet up for "testing" tho i don't know why and dont ask questions..

Ugh I've heard that before.  Ask why, ask questions.  It is sad to see enterprise level systems still with Telnet access.  Explain how bloody easy it is to sniff telnet passwords on an internal network with MiTM attacks.  SSH at least makes it more difficult.

yep, the big thing is that they DONT BELIEVE IN CHANGE!

[mmmty]

That's craaaazy. People still using this thing? I took AS/400 class and don't ever want to do that again. I still have this book though.

[Grimey]

Cover is at least interesting, better than the random animal Orielly variants.

[TranscendingLogic]

I'm not a network admin, but try  the CFGTCP command. It will bring up a menu with the following options allowing you to view & change various TCP/IP settings. Maybe a regular network tech could review the existing configuration and identify any missing entries.

 1. Work with TCP/IP interfaces
 2. Work with TCP/IP routes
 3. Change TCP/IP attributes
 4. Work with TCP/IP port restrictions
 5. Work with TCP/IP remote system information

10. Work with TCP/IP host table entries
11. Merge TCP/IP host table
12. Change TCP/IP domain information

20. Configure TCP/IP applications
21. Configure related tables
22. Configure point-to-point TCP/IP

...also NETSTAT

1. Work with TCP/IP interface status
2. Display TCP/IP route information
3. Work with TCP/IP connection status

[Trent]

That's craaaazy. People still using this thing? I took AS/400 class and don't ever want to do that again. I still have this book though.

Show Image

I've seen OpenVMS, Solaris, SunOS, AIX, AS/400 all in use.  The military and government still use DEC PDP's for certain mission critical systems.  Some are originals with others being specialized proprietary systems that run DEC PDP virtual machines (with a modern amount of processing power and RAM).

[QCONTROLWEST]

i would not give telnet access either.  Not secure at all.  System should be setup to use IBM emulation software for green screen interacing.   Of course, your probably using Cisco VPN or something, and the AS400 person would need to have that installed in order to get into your network.
Unless there is another way like direct dial to the AS400, which is probably not set up on the AS400 as it sounds like you are not set up with digital certs/SSH on the AS400/iSeries itself, as well.  Someone would need to be on site to get this done.  At least securely.  It is not a minor thing and there are other considerations.

I could assist you with this if you want to get me to your shop.
Where are you ?

[boost]

i would not give telnet access either.  Not secure at all.  System should be setup to use IBM emulation software for green screen interacing.   Of course, your probably using Cisco VPN or something, and the AS400 person would need to have that installed in order to get into your network.
Unless there is another way like direct dial to the AS400, which is probably not set up on the AS400 as it sounds like you are not set up with digital certs/SSH on the AS400/iSeries itself, as well.  Someone would need to be on site to get this done.  At least securely.  It is not a minor thing and there are other considerations.

I could assist you with this if you want to get me to your shop.
Where are you ?

Vpn is site but can ever machine in my side except the as400... This is where I'm stuck. Vpn passes phase 1 and 2 correctly.

[Trent]

i would not give telnet access either.  Not secure at all.  System should be setup to use IBM emulation software for green screen interacing.   Of course, your probably using Cisco VPN or something, and the AS400 person would need to have that installed in order to get into your network.
Unless there is another way like direct dial to the AS400, which is probably not set up on the AS400 as it sounds like you are not set up with digital certs/SSH on the AS400/iSeries itself, as well.  Someone would need to be on site to get this done.  At least securely.  It is not a minor thing and there are other considerations.

I could assist you with this if you want to get me to your shop.
Where are you ?

SSHing to a system with Putty would be a fine level of security.  Sure IBM offers products to interact directly but many times its for an added cost.

[boost]

Solved!!!

The 400 had the route set to hop back to itself....