× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. December 2007

Hacker/400 (was: Who is my i5 trying to connect to, and why?)

What message codes are you looking for to see this stuff?

I would like to see if I have anything similar around the time of apparent hacker visitations, where the security audit log says they failed to sign on because they could not get a valid user-id, using identities like the following recent efforts:
Q33333
=3333
=333333
==
@@@@@33
@323@@1#
The user-ids seem to have combinations of @ = 3 & special characters often many strings of one of them ... since on AS/400 a user-id needs to start with a letter of the alphabet, some of these hackers will never get onto ANY system like ours

Most of our identities are people names or initials, although when we get new users I tell them it can be any fine upstanding "identity" they want people to associate with them in messages/400, so over the years we have had a few users with sign-on identities like GURU WIZARD EXPERT and so forth.

We are on V5R1 due to BPCS feature code "Astronomical fees for any upgrade"

Message . . . . : TCP/IP connection to remote system 70.145.58.103 closed,
reason code 1.
Cause . . . . . : The TCP/IP connection to remote system 70.145.58.103 has
been closed. The connection was closed for reason code 1. Full connection
details for the closed connection include:
- local IP address is 192.168.1.16
- local port is 80
- remote IP address is 70.145.58.103
- remote port is 50639

Aha...

Well, it appears it's no big deal, then. Just hackers trying to get into my
system and failing.


> -----Original Message-----
> From: Bryan Dietz
> Subject: Re: Who is my i5 trying to connect to, and why?
>
>
> Brad, Put your cursor on one of messages and press F-1. In there you
> will see port information.
>
> Most likely they will be headed to port 80. I you see other ports in
> the help I would investigate what you have opened up to the system.
>
> I like to you IPNetInfo:
> http://www.nirsoft.net/utils/ipnetinfo.html
> to help figure out where the IP addresses are from.
>
> Happy Hunting,
> Bryan
>
>
> Bradley V. Stone said the following on 12/23/2007 9:00 AM:
> > I was checking out the QSYSOPR messages today and noticed a few
> of these:
> >
> > TCP/IP connection to remote system 192.168.1.1 closed, reason code 1.
> > TCP/IP connection to remote system 89.122.213.8 closed, reason code 2.
> > TCP/IP connection to remote system 89.122.213.8 closed, reason code 2.
> > TCP/IP connection to remote system 72.166.155.41 closed, reason code 2.
> > TCP/IP connection to remote system 72.166.155.41 closed, reason code 2.
> > TCP/IP connection to remote system 72.166.155.41 closed, reason code 2.
> > TCP/IP connection to remote system 67.82.120.36 closed, reason code 2.
> > TCP/IP connection to remote system 70.145.58.103 closed, reason code 1.
> >
> > Now, I'm pretty sure I don't have anything that would go out to
> connect to a
> > remote system (like GETURI). I do have apache running my web page.
> >
> > The funny thing is, the first one in the list is my router.
> The other ones,
> > I have no idea who they are. I looked them up in DNSStuff but nothing
> > "clicked".
> >
> > Any ideas?
> >
> > Brad



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.