× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



> every 5 to 10 minutes
could be a scripted attack.
btw-quit is a valid ftp command - any chance someone's legit ftp pointed to
wrong port?
jim

----- Original Message -----
From: "Frank W. Kany IV" <frank.kany@burr-reid.org>
To: <midrange-l@midrange.com>
Sent: Tuesday, April 02, 2002 10:42 AM
Subject: Re: Devices created automatically


> The problem has been happening constantly every 5 to 10 minutes since the
> system started up at 3am this morning.  Our firewall was not working
> properly and had to be reset when I came into work.  We are also thinking
> that it might be a hacker problem.
>
> Frank W. Kany IV
>
> ----- Original Message -----
> From: "Philipp Rusch" <Philipp.Rusch@rusch-edv.de>
> To: <midrange-l@midrange.com>
> Sent: Tuesday, April 02, 2002 10:34 AM
> Subject: Re: Devices created automatically
>
>
> > Hello Frank,
> >
> > Somebody is trying to get into your system, obviously through
> > some kind of telnet and using a client configured as a VT100 terminal
...
> > Did you change something in your network ?
> > Is this network conneted to other networks? Internet ? Routers ?
> >
> > HTH, Philipp Rusch
> >
> > "Frank W. Kany IV" schrieb:
> >
> > > This is a multi-part message in MIME format.
> > > --
> > > [ Picked text/plain from multipart/alternative ]
> > > Devices are being created automatically every 5 to 10 minutes on our
> AS/400 (V4R3).  We have no idea how this is happening.  This only started
> happening for the past 2 days.  We delete these devices and they come
right
> back.  Email me directly if you have any questions:
> frank.kany@burr-reid.org
> > >
> > > This is what the devices look like:
> > > ================================================  Device
> Type        Text
> > >  QPADEV000B   V100        Device created for S1029348.
> > > QPADEV000C   V100        Device created for S1029348.
> > > QPADEV000D  V100        Device created for S1029348.
> > > QPADEV000F   V100        Device created for S1029348.
> > > QPADEV0001   V100        Device created for S1029348.
> > > QPADEV0002   V100        Device created for S1029348.
> > > QPADEV0003   V100        Device created for S1029348.
> > > QPADEV0004   V100        Device created for S1029348.
> > >
> > > We don't even have a user named "quit"
> > > ================================================
> > > Message ID . . . . . . :   CPF1397
> > > Date sent  . . . . . . :   04/02/02      Time sent  . . . . . . :
> 09:34:03
> > >
> > > Message . . . . :   Subsystem QINTER varied off work station
QPADEV000D
> for
> > >   user QUIT.
> > >
> > > Cause . . . . . :   The maximum number of sign on attempts specified
by
> system
> > >   value QMAXSIGN has been reached.  The device has been varied off for
> > >   security reasons.
> > > Recovery  . . . :   After checking with your security officer, vary
the
> device
> > >   on using the Vary Configuration (VRYCFG) command.
> > >
> > > Hope this information helps.
> > > =================================================
> Display Device Description
> > >
> > > Device description . . . . . . . . :   QPADEV000D
> > > Option . . . . . . . . . . . . . . :   *BASIC
> > > Category of device . . . . . . . . :   *DSP
> > >
> > > Device class . . . . . . . . . . . :   *VRT
> > > Device type  . . . . . . . . . . . :   V100
> > > Device model . . . . . . . . . . . :   *ASCII
> > > Emulated twinaxial device  . . . . :   3196A2
> > > Online at IPL  . . . . . . . . . . :   *NO
> > > Attached controller  . . . . . . . :   QPACTL01
> > > --
> > >
> > > _______________________________________________
> > > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> > > To post a message email: MIDRANGE-L@midrange.com
> > > To subscribe, unsubscribe, or change list options,
> > > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> > > or email: MIDRANGE-L-request@midrange.com
> > > Before posting, please take a moment to review the archives
> > > at http://archive.midrange.com/midrange-l.
> >
> > _______________________________________________
> > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> > To post a message email: MIDRANGE-L@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> > or email: MIDRANGE-L-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/midrange-l.
> >
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@midrange.com
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> or email: MIDRANGE-L-request@midrange.com
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.