× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



It would seem that you have some ports (notably 445) open through your firewall. Depending on the configuration of NAT on your router/firewall the connection could come from outside and connect to the inside address.

There are more viri than you can shake a stick at that look for open netbios shares so that they can replicate the virus. One site I help manage logs hundreds of thousands of hits a day at their firewall of people trying to get in in this manner.

As to setting up Netserver on but one IP address or Ethernet interface that isn't currently an option. I spent some time investigating this earlier this week for a customer. IF you use WINS in your network then you can get only one IP address to be registered to WINS (the one your iseres is named in CFGTCP option 12 resolves to) but the other interfaces are still available if you resolve bu IP address, LMHOSTS files or DNS.

Hope this helps,

- Larry

ouuch@xxxxxxxxxxx wrote:

Hi,

yesterday, we had some strange netbios TCP/IP connections on our AS/400's (both of them). A PC from a remote WAN location was connecting on port 445 to internal ip-addresses of our 810 and 820.

Funny thing is, the PC didn't connect to our official AS/400 addresses, but internal ones. For example, our 810 has xxx.60.66.61 as its main address (officially in the DNS) and xxx.60.65.201 for internal use (second ethernet interface). The connection was going to the 65.201 address, but Netserver is running on the 66.61.

We have the IP-address of the offender(?) and are investigating internally.

Also, before these netbios connections, I saw 2 dropped connections (in qsysopr) from addresses 10.0.0.100 and 169.254.xxx.xxx.

Netstat *cnn showed only minmal traffic (a few 100 bytes) on those port 445 connections. Once again, the remote PC was connecting to port 445 on both AS/400s.

Any ideas what this could have been? I regularly look at netstat *cnn and know the IP-address which show up there. I never have seen such connections before.

Can I restrict Netserver to a specific ethernet interface?

Thanks,






As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.