× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2002

Re: Devices created automatically

You might want to put in an exit program for TELNET. You'll get the IP
address of the requester. See the following, ftom Tips and Tools

Overview of the TELNET Exit Program Capability
Beginning with V4R2, you can register user-written exit programs that run both
when a TELNET session starts and when it ends. Following are examples of what
you can do when you start the exit program:
v If you are at V4R4 and have installed the PTFs mentioned above, you can use
the new Server (local) IP address on multi-homed iSeries 400 servers to route
connections to different subsystems based on the network interface (IP
address).
v Allow or deny the session, based on any known criteria, such as the user’s IP
address, the time of day, and the requested user profile.
v Assign a specific iSeries device description for the session. This allows
routing of
the interactive job to any sub-system set up to receive those devices.
v Assign specific National Language values for the session, such as
keyboard and
character set.
v Assign a specific user profile for the session.
v Automatically sign on the requestor (without displaying a Sign On display).
v Set up audit logging for the session.
For more information about the TELNET exit programs, see Appendix E, TCP/IP
Application Exit Points and Programs in the TCP/IP Configuration and Reference
book. You can find a sample program at the following Web location:
http://www.as400.ibm.com/tstudio/tech_ref/tcp/indexfr.htm
or go to the Information Center, select Networking —> TCP/IP –> TCP/IP
Services and Applications —> Telnet —> sample Telnet exit programs.

You'll need to dig around, because that path in InfoCenter is not valid for
v5r1 - no surprise here.

Web site is good.

At 10:42 AM 4/2/02 -0500, you wrote:
>The problem has been happening constantly every 5 to 10 minutes since the
>system started up at 3am this morning.  Our firewall was not working
>properly and had to be reset when I came into work.  We are also thinking
>that it might be a hacker problem.
>
>Frank W. Kany IV
>
>----- Original Message -----
>From: "Philipp Rusch" <Philipp.Rusch@rusch-edv.de>
>To: <midrange-l@midrange.com>
>Sent: Tuesday, April 02, 2002 10:34 AM
>Subject: Re: Devices created automatically
>
>
> > Hello Frank,
> >
> > Somebody is trying to get into your system, obviously through
> > some kind of telnet and using a client configured as a VT100 terminal ...
> > Did you change something in your network ?
> > Is this network conneted to other networks? Internet ? Routers ?
> >
> > HTH, Philipp Rusch
> >
> > "Frank W. Kany IV" schrieb:
> >
> > > This is a multi-part message in MIME format.
> > > --
> > > [ Picked text/plain from multipart/alternative ]
> > > Devices are being created automatically every 5 to 10 minutes on our
>AS/400 (V4R3).  We have no idea how this is happening.  This only started
>happening for the past 2 days.  We delete these devices and they come right
>back.  Email me directly if you have any questions:
>frank.kany@burr-reid.org
> > >
> > > This is what the devices look like:
> > > ================================================  Device
>Type        Text
> > >  QPADEV000B   V100        Device created for S1029348.
> > > QPADEV000C   V100        Device created for S1029348.
> > > QPADEV000D  V100        Device created for S1029348.
> > > QPADEV000F   V100        Device created for S1029348.
> > > QPADEV0001   V100        Device created for S1029348.
> > > QPADEV0002   V100        Device created for S1029348.
> > > QPADEV0003   V100        Device created for S1029348.
> > > QPADEV0004   V100        Device created for S1029348.
> > >
> > > We don't even have a user named "quit"
> > > ================================================
> > > Message ID . . . . . . :   CPF1397
> > > Date sent  . . . . . . :   04/02/02      Time sent  . . . . . . :
>09:34:03
> > >
> > > Message . . . . :   Subsystem QINTER varied off work station QPADEV000D
>for
> > >   user QUIT.
> > >
> > > Cause . . . . . :   The maximum number of sign on attempts specified by
>system
> > >   value QMAXSIGN has been reached.  The device has been varied off for
> > >   security reasons.
> > > Recovery  . . . :   After checking with your security officer, vary the
>device
> > >   on using the Vary Configuration (VRYCFG) command.
> > >
> > > Hope this information helps.
> > > =================================================
>Display Device Description
> > >
> > > Device description . . . . . . . . :   QPADEV000D
> > > Option . . . . . . . . . . . . . . :   *BASIC
> > > Category of device . . . . . . . . :   *DSP
> > >
> > > Device class . . . . . . . . . . . :   *VRT
> > > Device type  . . . . . . . . . . . :   V100
> > > Device model . . . . . . . . . . . :   *ASCII
> > > Emulated twinaxial device  . . . . :   3196A2
> > > Online at IPL  . . . . . . . . . . :   *NO
> > > Attached controller  . . . . . . . :   QPACTL01
> > > --
> > >
> > > _______________________________________________
> > > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>list
> > > To post a message email: MIDRANGE-L@midrange.com
> > > To subscribe, unsubscribe, or change list options,
> > > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> > > or email: MIDRANGE-L-request@midrange.com
> > > Before posting, please take a moment to review the archives
> > > at http://archive.midrange.com/midrange-l.
> >
> > _______________________________________________
> > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>list
> > To post a message email: MIDRANGE-L@midrange.com
> > To subscribe, unsubscribe, or change list options,
> > visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
> > or email: MIDRANGE-L-request@midrange.com
> > Before posting, please take a moment to review the archives
> > at http://archive.midrange.com/midrange-l.
> >
>
>
>_______________________________________________
>This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
>To post a message email: MIDRANGE-L@midrange.com
>To subscribe, unsubscribe, or change list options,
>visit: http://lists.midrange.com/cgi-bin/listinfo/midrange-l
>or email: MIDRANGE-L-request@midrange.com
>Before posting, please take a moment to review the archives
>at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.