× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.




Actually... I did some testing and found a way to reproduce similar looking
entries...

All I had to do was have something invalid on the user name field of the
login screen, and then hold the ENTER key down. The audit journal receiver
would show a continual set of 'U' type PW entries with the user name
showing whatever was in that field on the login screen.

I think what i'm seeing is that several times during the month, something
has been laid down for several minutes on the enter key (and several other
keys) of a terminal out in the plant. I can see that happening without
any stretch of the imagination at all!




macwheel99@wowway
.com
Sent by: To
midrange-l-bounce Midrange Systems Technical
s@xxxxxxxxxxxx Discussion
<midrange-l@xxxxxxxxxxxx>
cc
02/09/2009 02:12
PM Subject
Re: 'Junk' entries on a failed
signon report
Please respond to
Midrange Systems
Technical
Discussion
<midrange-l@midra
nge.com>






We also get this kind of entry on our audit log. We don't know for sure
what causing them.

I belive the causes include:
Some other company has a wrong # when their computer tries to connect to
some other computer down the e-street from us ... they are using some sign-
on that is invalid for AS/400, such as 0Q@@@33, so they must be on some
other kind of computer system.

Or it could be a hacker.

Sometimes a PC connection is flakey ... there is like a flicker on the
line ... see me, not see me, see me, not see me & each flicker is a hit on
the sign on log.

On Mon, 9 Feb 2009 11:47:20 -0500, ChadB wrote
I'm doing some work on an audit journal based failed signon type
report...
I've got a good workable version, but am finding several instances
throughout the month where I get a large volume of entries with an
invalid
user name bouncing off the system in rapid succession (causing maybe
1000 entries or so). I'm trying to figure out what is triggering
these... the devices are plant based terminals on our campus
(Powerterm 5250). I'll post a few examples below... they look more
like some type of glitch than any real login attempt. The examples
are an abbreviated listing from each of the instances... in reality
they take up 20-40 pages:

Type DATE TIME Job IPv4 Viol User
Device
Name IPv6
Typ Name
PW 2009/01/06 01:01:24 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:24 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:25 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:25 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:25 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:25 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:25 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:25 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:25 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:26 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:26 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:26 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:26 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:26 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:26 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:27 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:27 WINTER 4 U .
TPLT151
PW 2009/01/06 01:01:27 WINTER 4 U .
TPLT151

PW 2009/01/11 00:04:52 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:52 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:53 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:53 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:53 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:53 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:53 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:53 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:53 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:54 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:54 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:54 WINTER 4 U Q4141 0
TPLT101
PW 2009/01/11 00:04:54 WINTER 4 U Q4141 0
TPLT101

PW 2009/01/22 11:03:08 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:09 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:09 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:09 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:09 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:09 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:09 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:09 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:10 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:10 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:10 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:10 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:10 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:10 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:10 WINTER 4 U .000000000
TPLT071

PW 2009/01/22 11:03:11 WINTER 4 U .000000000
TPLT071

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options, visit:
http://lists.midrange.com/mailman/listinfo/midrange-l or email:
MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment
to review the archives at http://archive.midrange.com/midrange-l.


--
WOW! Homepage (http://www.wowway.com)

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.