


Jeffrey,

The branch/site that is the source of the trouble only has Win95 PCs. Only 1 
PC shows up with activity in NetStat right now. NetStat shows the local port as 
139, 449, 8470 and 8473. Mostly 449 (as-svrmap). The remote port keeps on 
incrementing by 2 within the range of 1500 to 4000.

Steve Richter


---------- Original Message ----------------------------------
From: "Jeffrey Silberberg" <jsilberberg@mindspring.com>
Reply-To: midrange-l@midrange.com
Date: Wed, 15 Aug 2001 23:36:50 -0400

>Steve,
>
>        I would look for a Windoze or UNIX/SMB server that is down, that
>normally supplies a mount to the systems on this segment.  I think you are
>seeing a client attempting to re-mount a shared disk partition somewhere,
>and your iSeries box is seeing the requests.  NOTE: There is a major change
>to these messages in V4R5 documented in the Memo to users.  You could/should
>look at your routers to see what ports are being passed, and if you are not
>mounting any of the IFS stuff close off these requests with a deny rule.
>
>        Also, you could do an Exit program to drop these on the floor, but
>depending on the volume this could busy the connection to the point of
>becoming a Denial-of-service storm so I would rather see you block it on the
>router.
>
>    From the Web Site Document : http://www.faqs.org/faqs/firewalls-faq/
>For example, a web server running on NT might be vulnerable to a number of
>denial-of-service attacks against such services as RPC, NetBIOS and SMB.
>These services are not required for the operation of a web server, so
>blocking TCP connections to ports 135, 137, 138, and 139 on that host will
>reduce the exposure to a denial-of-service attack.
>
>HUM: Second night in a row of I quoted from here !!
>
>Jeffrey M. Silberberg
>Independent Consultant
>CompuDesigns, Inc.
>
>AS SOON AS I KNOW THE ANSWERS
>THEY CHANGE THE QUESTIONS
>
>
>
>
>
>----- Original Message -----
>From: srichter <srichter@mail.autocoder.com>
>To: <midrange-l@midrange.com>
>Sent: Wednesday, August 15, 2001 10:21 PM
>Subject: Re: system under attack?
>
>
>> >Depending on your version of OS/400, there may be PTFs to fix your
>> >problem.  See, for example, PTF SF60551.  What version of OS/400 are you
>>
>> v4r4.
>> ptf sf60551 is perm applied.
>>
>> It's pretty wild.
>> With all the msgs, the system is creating an 800k history log file every 15 minutes.
>> I asked the night person at the branch to power off all the PCs. And the NetStat activity continues.  He must have missed a PC.
>> I vary off all the devices and controllers, no chg. (PC must be IP connected instead of netsoft)
>> When I hold the "QPWFSERVSO" job, the NetStat activity stops. But we released it again because we don't know what the job does and the impact of holding it.
>>
>> The plan is to call ibm in the morning.
>>
>> Thanks Gary,
>>
>> Steve Richter
>>
>>
>> _______________________________________________
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
>> To post a message email: MIDRANGE-L@midrange.com
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
>> or email: MIDRANGE-L-request@midrange.com
>>
>
>
>
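
The pattern described at the top of this message (one client, mostly local port 449, remote port climbing by 2) can be picked out of a connection listing mechanically. This is an added example, not part of the original thread; the input layout, the sample addresses and the thresholds are assumptions, and the sample lines are constructed rather than real NETSTAT output.

```python
from collections import Counter, defaultdict

# Constructed sample, NOT real NETSTAT output. Assumed simplified layout:
#   remote_address  remote_port  local_port  state
SAMPLE = """\
10.1.5.23  1500  449   Time-wait
10.1.5.23  1502  449   Time-wait
10.1.5.23  1504  8473  Established
10.1.5.23  1506  449   Time-wait
10.1.5.23  1508  449   Time-wait
10.1.5.23  1510  139   Established
10.1.5.23  1512  449   Time-wait
10.1.5.23  1514  8470  Established
10.1.5.23  1516  449   Time-wait
10.1.7.40  2211  23    Established
10.1.7.40  3907  8470  Established
"""

def parse(text):
    """Yield (remote_ip, remote_port, local_port) from the assumed layout."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1].isdigit() and fields[2].isdigit():
            yield fields[0], int(fields[1]), int(fields[2])

def summarize(text):
    """Per remote host: connection count, local-port histogram, and the most
    common gap between consecutive (sorted) remote ports."""
    by_host = defaultdict(list)
    for ip, rport, lport in parse(text):
        by_host[ip].append((rport, lport))
    report = {}
    for ip, conns in by_host.items():
        rports = sorted({r for r, _ in conns})
        gaps = Counter(b - a for a, b in zip(rports, rports[1:]))
        step, hits = gaps.most_common(1)[0] if gaps else (None, 0)
        report[ip] = {
            "connections": len(conns),
            "local_ports": Counter(l for _, l in conns),
            "step": step,
            "step_ratio": hits / max(len(rports) - 1, 1),
        }
    return report

def reconnect_loops(text, min_conns=8, min_ratio=0.8):
    """Hosts opening many connections with a regular remote-port stride: the
    signature of a client retrying in a loop, not of normal interactive use."""
    return sorted(ip for ip, r in summarize(text).items()
                  if r["connections"] >= min_conns and r["step_ratio"] >= min_ratio)
```

The host this flags is the one to power off or to name in a router deny rule; the per-port histogram shows which host server it keeps hitting.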



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
