× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2007

RE: Someone hacking my i5?

This could very well be explained by worms scanning for exploitable HTTP
servers.

Another reason for this messages can be ESA, the electronic service
agent, but if that were the case the IP addresses would resolve to be
IBM-owned.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of albartell
Sent: Friday, September 07, 2007 3:14 PM
To: 'Midrange Systems Technical Discussion'
Subject: RE: Someone hacking my i5?

I have a firewall in place and have a hole punched through to get access
to
my System i5 Apache instance. FTP is running, but can only be accessed
within my LAN.

Aaron Bartell
http://mowyourlawn.com

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Jim Franz
Sent: Friday, September 07, 2007 8:00 AM
To: Midrange Systems Technical Discussion
Subject: Re: Someone hacking my i5?

are you running apache webserver?
ftp? (w/exit pgm?)
netserver?
dns?
is outside stuff blocked at firewall??
jim franz

----- Original Message -----
From: <stenore@xxxxxxx>
To: <midrange-l@xxxxxxxxxxxx>
Sent: Friday, September 07, 2007 8:55 AM
Subject: Re: Someone hacking my i5?


Try this website
http://www.ip-adress.com/index.php?rv=ec6c52cccdea5e368b6064f2a8e5632d

the 222.216.28.135? comes up to





IP address:

222.216.28.135 (Copy)



IP country:

China



IP address state:

Guangxi



IP address city:

Nanning



IP latitude:

22.816700



IP longitude:

108.316597



ISP:

CHINANET Guangxi province network



Organization:

CHINANET Guangxi province network



Local Time:

2007-09-07 20:46




All but hte last one are from China currently

The last one is a US address




IP address:

38.98.163.9 (Copy)



IP country:

United States



IP address state:

Illinois



IP address city:

Chicago



IP latitude:

41.867500



IP longitude:

-87.674400



ISP:

Performance Systems International



Organization:

Performance Systems International



Local Time:

2007-09-07 07:47



?



















-----Original Message-----
From: Jim Franz <franz400@xxxxxxxxxxxx>
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
Sent: Fri, 7 Sep 2007 8:36 am
Subject: Re: Someone hacking my i5?



what tcp servers are running?
use netstat cmd and opt 3 to display connections
see what remote addresses connected
jim franz
----- Original Message -----
From: "albartell" <albartell@xxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxx>
Sent: Friday, September 07, 2007 8:33 AM
Subject: Someone hacking my i5?


I was doing a DSPMSG QSYSOPR today and noticed some messages I am not
used
to seeing and was curious to know if anybody might know where they
are
coming from.

TCP/IP connection to remote system 222.216.28.135 closed, reason code
2.
TCP/IP connection to remote system 125.65.112.108 closed, reason code
2.
TCP/IP connection to remote system 222.216.28.135 closed, reason code
2.
TCP/IP connection to remote system 38.98.163.9 closed, reason code 2.
...

Reason codes and their meanings follow:
2 = TCP connection closed due to R2 retry threshold being run.


None of those IP addresses are from my LAN/WAN (obviously).

Thanks,
Aaron Bartell
http://mowyourlawn.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.





As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.