Random mainframe anecdote: I remember a client in the early 2000s who had a non-IBM mainframe that when originally implemented and designed predated the wide availability of Ethernet and TCP/IP. Everyone knew it was a piece of junk by the time I got involved, but their whole manufacturing system ran on it.<p>In order to bring it up to some semblance of modernity and allow it to print to their shop printers, which were IP-driven, they had to get a third-party to procure and install (or build?) an ethernet interface for the machine, and fired up the TCP/IP stack. It kept crashing when they put it on the network, until they finally figured out that the issue was that the TCP/IP stack didn't understand multicast packets, and so whenever a stray multicast packet hit the interface, the whole thing threw up its hands and gave up.<p>The solution was to keep the mainframe on a private network segment behind a firewall, not for security's sake, but because it was the only way to insure no multicast packets would hit it and halt production in three different factories
Interesting article / post about how to scan for mainframes:<p><a href="https://isc.sans.edu/forums/diary/The+80s+called+They+Want+Their+Mainframe+Back/14869/" rel="nofollow">https://isc.sans.edu/forums/diary/The+80s+called+They+Want+T...</a>
For the security researchers out there, mainframes are really under-researched. There just aren't many people that have the expertise in the platform required for security research. And most of the people who do have expertise in the platform are often oblivious to technologies outside of the mainframe. (If you've ever dealt with mainframe people, you might know what I am talking about.) It's unfortunate, but too often true. Our best mainframe guy is brilliant. I've never met anyone more technically skilled in his platform. But ask him a basic Windows or a Linux question? Forget it.<p>With today's complex stack of multiple platforms in most enterprises, a good security researcher, IMHO, should be fluent with both worlds. Mainframes are where some of our most critical data is stored. When you pull up your account balance through your bank's website, there's a good chance that value was read off a mainframe.<p>Mainframers are old-school. They don't believe in public disclosure or open security models or public audits. If you go through the DEFCON and BlackHat archives, there's not much mainframe research out there. There's just a small community of mainframers on the Internet, but it's a significant part of the world's infrastructure. The mainframe world is a crazy alternate reality. (I know, because it's my day job.)<p>Phillip Young, the guy who owns this Tumblr project, has made some waves in this community. His talks are a great place to start. Here's a few resources to get you started:<p>[0]: <a href="http://mainframed767.tumblr.com/" rel="nofollow">http://mainframed767.tumblr.com/</a><p>[1]: <a href="http://bigendiansmalls.tumblr.com/" rel="nofollow">http://bigendiansmalls.tumblr.com/</a><p>[2]: <a href="https://media.blackhat.com/us-13/US-13-Young-Mainframes-The-Past-Will-Come-Back-to-Haunt-You-Slides.pdf" rel="nofollow">https://media.blackhat.com/us-13/US-13-Young-Mainframes-The-...</a><p>[3]: <a href="http://www.slideshare.net/bigendiansmalls/security-necromancy-publish" rel="nofollow">http://www.slideshare.net/bigendiansmalls/security-necromanc...</a><p>[4]: <a href="https://defcon.org/images/defcon-22/dc-22-presentations/Young/DEFCON-22-Philip-Young-From-root-to-SPECIAL-Hacking-IBM-Mainframes-Updated.pdf" rel="nofollow">https://defcon.org/images/defcon-22/dc-22-presentations/Youn...</a><p>[5]: <a href="https://www.youtube.com/watch?v=Xfl4spvM5DI" rel="nofollow">https://www.youtube.com/watch?v=Xfl4spvM5DI</a><p>[6]: <a href="https://www.youtube.com/watch?v=5Ra4Ehmifh4" rel="nofollow">https://www.youtube.com/watch?v=5Ra4Ehmifh4</a><p>Also, IBM.com has a wealth of documentation. (They have terrible SEO though.) Checkout the z/OS RedBooks and manauls there.
On a related note, there are an alarmingly large number of hosts listening on port 23 (unencrypted telnet) on the internet: <a href="https://www.shodan.io/search?query=port%3A23" rel="nofollow">https://www.shodan.io/search?query=port%3A23</a><p>Most of them seem to be interfaces to network switches.
BTW, if someone wants to professionally connect Mainframes and Internet: <a href="http://www.softwareag.com/corporate/products/adabas_natural/appl_mod/products/applinx/overview/default.asp" rel="nofollow">http://www.softwareag.com/corporate/products/adabas_natural/...</a>