


Rob,

I hadn't thought of multiple log in's to the Windows itself. That would probably be better. I may meet some resistance as these PC's aren't doing anything but terminal emulation and kiosk web stuff, like looking up production notes.
However it is still relying upon the client stopping itself from trashing the server and not stopping it from the server.

Aren't your users required to either lock their screen or log out when they leave the PC?

This would require/force multiple log ins to the PC.

A must in our environment, from the security point of view.

Paul

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Monday, November 18, 2019 10:36 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system

I hadn't thought of multiple log in's to the Windows itself. That would probably be better. I may meet some resistance as these PC's aren't doing anything but terminal emulation and kiosk web stuff, like looking up production notes.
However it is still relying upon the client stopping itself from trashing the server and not stopping it from the server.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Steve McKay
Sent: Monday, November 18, 2019 10:04 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: 5250 sessions killing the system

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


Using &USERN*=, if each user has their own log on to the PC, you would get
JUANS1, MARIAS1, JAVIERS1, etc.

If there is a single logon (USER) to the PC, the first user connecting
would be USERS1, the second user would be USERS2, etc.

Look at ACS Help for Workstation ID under Communication/Configure

Thanks,

Steve McKay
(205) 585-8424
samckay1@xxxxxxxxx



On Mon, Nov 18, 2019 at 9:50 AM Rob Berendt <rob@xxxxxxxxx> wrote:

When you have a Windows PC, let's say JRZPC01 for example. And someone is
logged in on that PC as JUAN. Now there are multiple users who access that
after it is logged on to use 5250 sessions: JUAN, MARIA, JAVIER. Using
Paul's method each session would be JRZPC01S1... Using Steve's method each
session would be JUANS1..., right?

This may be a workaround. Another workaround may be turning off
autoreconnect.

However this doesn't solve the root problem. Stopping it at the server.
Once you start to rely upon stopping it at each client you still leave
yourself open to a Denial Of Service attack.

Latest service updates from IBM after I explained the situation to them:

IBM: That would make sense. I will close this out.
My reply to that: Yes, I published this on LinkedIn as a simple way to
perform a Denial Of Service attack on IBM i. I'm getting some likes from
foreign nationals.

Rob Berendt


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Steve McKay
Sent: Monday, November 18, 2019 8:58 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: 5250 sessions killing the system



Similarly, we use &USERN*= because our computer names are 10 characters
long and somewhat meaningless (BSSB203684, for example) while our user
names are 7 characters so it leads to a more readable/usable device name.


Thanks,

Steve McKay
(205) 585-8424
samckay1@xxxxxxxxx



On Mon, Nov 18, 2019 at 8:44 AM Steinmetz, Paul via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

Rob,

We had individual sessions for each user, some users had 3 or 4.
When we migrated to ACS, I changed to using &COMPN*= for the session id.
Session name now equals PC name, with a letter suffix for each additional
one launched.
One HOD session can launch as many as needed.
QAUTOCFG must be set to 1=on.
Also had to add some wildcard names to the interactive subsystem.

Session maintenance eliminated.

Paul



-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Monday, November 18, 2019 8:34 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system

And, apparently minimizing sessions is really popular on shop floor PC's
where multiple users have their own 5250 sessions and are strictly
forbidden to use a session that someone else is logged on to and must
start their own.

Rob Berendt


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Monday, November 18, 2019 8:29 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system

Ok, we think we know how this happens now.
User has a session, let's use ROBS1 for an example.
He minimizes ROBS1 and cannot find it.
So he starts it again and now has two ROBS1 sessions.
The second one cannot connect because that session is in use. However,
if you have autoconnect turned on, it never stops trying.
Wham: Denial Of Service.

Rob Berendt


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Friday, November 15, 2019 7:30 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system

I have found these scripts invaluable in tracking down the offender:
-- Some TCP connections do not spawn "jobs". Therefore we'll use a
-- different service.
select local_port, remote_address, count(*) as nbrconnections
  from gdihq.qsys2.NS_INFO
 where local_port = 23
 group by local_port, remote_address
having count(*) > 10
;

-- What 5250 session is using a particular IP address?
select job_name, authorization_name, client_ip_address
  from table(active_job_info(
           SUBSYSTEM_LIST_FILTER => 'QINTER',
           DETAILED_INFO => 'ALL')) x
 where 1 in (select 1 from gdihq.sysibm.sysdummy1)
   and client_ip_address in (
         select remote_address
           from gdihq.qsys2.NS_INFO
          where local_port = 23
          group by remote_address
         having count(*) > 10
       )
;

-- What are their names?
select odobnm, odobtx
  from table(qsys2.users()) i
 where odobnm in (
         select authorization_name
           from table(active_job_info(
                    SUBSYSTEM_LIST_FILTER => 'QINTER',
                    DETAILED_INFO => 'ALL')) x
          where 1 in (select 1 from gdihq.sysibm.sysdummy1)
            and client_ip_address in (
                  select remote_address
                    from gdihq.qsys2.NS_INFO
                   where local_port = 23
                   group by remote_address
                  having count(*) > 10
                )
          group by authorization_name)
;

-- From your DOS command prompt run
-- nslookup xxx.xxx.xxx.xxx
-- where xxx. is the offending IP address.
-- Sometimes the session name is unrelated to the device.
-- For example, ROBS1 on laptop GDL57
;

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
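
The three lookups in the message above combined into one statement, as an added example that is not part of the original post. It assumes it is run directly on the system being checked (so the site-specific `gdihq` qualifier is dropped) and uses only the services and columns already shown in the thread; the left joins keep an offending address in the result even when its connections never became a job.

```sql
-- Added example, not from the original thread.
-- Port 23 and the "more than 10 connections" threshold are taken from
-- the original queries; adjust the threshold to your own baseline.
with offenders as (
    -- Remote addresses holding more than 10 connections to the telnet port
    select remote_address, count(*) as nbrconnections
      from qsys2.ns_info
     where local_port = 23
     group by remote_address
    having count(*) > 10
),
sessions as (
    -- Interactive jobs in QINTER and the client address each one came from
    select job_name, authorization_name, client_ip_address
      from table(qsys2.active_job_info(
               SUBSYSTEM_LIST_FILTER => 'QINTER',
               DETAILED_INFO         => 'ALL')) x
)
select o.remote_address,
       o.nbrconnections,
       s.job_name,             -- null when the connections never became a job
       s.authorization_name,
       u.odobtx as user_text   -- text description of the user profile
  from offenders o
  left join sessions s
    on s.client_ip_address = o.remote_address
  left join table(qsys2.users()) u
    on u.odobnm = s.authorization_name
 order by o.nbrconnections desc, o.remote_address, s.job_name
;
```

A row with a high `nbrconnections` and a null `job_name` is the case the thread describes: a client retrying a workstation id that is already in use, so the connections pile up without a matching interactive job.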


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of midrange
Sent: Thursday, November 14, 2019 10:49 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system



I have not read every single response to this thread, but we have once or
twice a year had auto-connect or auto-reconnect of either Client Access
5250 sessions or 5250 attached printers that will swamp our system - until
we figure out the device and vary off, and appear as thousands of attempts.
We always solved it at the pc itself.

Jim Franz


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of Rob Berendt
Sent: Thursday, November 14, 2019 2:45 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system

Been going on for 2-3 weeks.

Rob Berendt


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jeff Crosby
Sent: Thursday, November 14, 2019 2:28 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: 5250 sessions killing the system



Did this just start today? Bizarre.

On Thu, Nov 14, 2019 at 2:15 PM Rob Berendt <rob@xxxxxxxxx> wrote:

They also said that I may want to turn off auto reconnect on those clients.

Rob Berendt


-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Thursday, November 14, 2019 2:06 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: 5250 sessions killing the system

I have this case opened with IBM. There are certain clients attaching to
the system where it starts 10,000+ port 23 (telnet) connections to our
system. All using the same 1-3 workstation id's. Totally blows our
activity level out of the water and is quite an effective denial of
service attack.

-- Some TCP connections do not spawn "jobs". Therefore we'll use a
-- different service.
select local_port, remote_address, count(*) as nbrconnections
  from gdihq.qsys2.NS_INFO
 where local_port = 23
 group by local_port, remote_address
having count(*) > 10
;

Messing with things like QAUTOCFG, QAUTOVRT has ZERO effect on stopping
this.

IBM's reply has been basically put on a patch to that version of the
deprecated Client Access or upgrade to iACS.

Since most of these are Windows 7 VM sessions our Windows admins are
leaning towards the patch. When they are ready to upgrade to Windows 10
on the 'gold' image they'll upgrade to iACS.

Rob Berendt

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--


Jeff Crosby
VP Information Systems
UniPro FoodService/Dilgard
P.O. Box 13369
Ft. Wayne, IN 46868-3369
260-422-7531
direct.dilgardfoods.com

The opinions expressed are my own and not necessarily the opinion of my
company. Unless I say so.


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].