I hadn't thought of multiple logins to Windows itself. That would probably be better. I may meet some resistance as these PC's aren't doing anything but terminal emulation and kiosk web stuff, like looking up production notes. However, it is still relying upon the client stopping itself from trashing the server and not stopping it from the server.
When you have a Windows PC, let's say JRZPC01 for example. And someone is
logged in on that PC as JUAN. Now there are multiple users who access that
after it is logged on to use 5250 sessions: JUAN, MARIA, JAVIER. Using
Paul's method each session would be JRZPC01S1... Using Steve's method each
session would be JUANS1..., right?
This may be a workaround. Another workaround may be turning off
autoreconnect.
However this doesn't solve the root problem. Stopping it at the server.
Once you start to rely upon stopping it at each client you still leave
yourself open to a Denial Of Service attack.
Latest service updates from IBM after I explained the situation to them:
IBM: That would make sense. I will close this out.
My reply to that: Yes, I published this on LinkedIn as a simple way to
perform a Denial Of Service attack on IBM i. I'm getting some likes from
foreign nationals.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Steve McKay
Sent: Monday, November 18, 2019 8:58 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: 5250 sessions killing the system
CAUTION: This email originated from outside of the organization. Do not
click links or open attachments unless you recognize the sender and know
the content is safe.
Similarly, we use &USERN*= because our computer names are 10 characters
long and somewhat meaningless (BSSB203684, for example) while our user
names are 7 characters so it leads to a more readable/usable device name.
Thanks,
Steve McKay
(205) 585-8424
samckay1@xxxxxxxxx
On Mon, Nov 18, 2019 at 8:44 AM Steinmetz, Paul via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:
Rob,
We had individual sessions for each user, some users had 3 or 4.
When we migrated to ACS, I changed to using &COMPN*= for the session id.
Session name now equals PC name, with a letter suffix for each additional
one launched.
One HOD session can launch as many as needed.
QAUTOCFG must be set to 1=on.
Also had to add some wildcard names to the interactive subsystem.
Session maintenance eliminated.
Paul
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Rob Berendt
Sent: Monday, November 18, 2019 8:34 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system
And, apparently minimizing sessions is really popular on shop floor PC's
where multiple users have their own 5250 sessions and are strictly
forbidden to use a session that someone else is logged on to and must
start their own.
Rob Berendt
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Rob Berendt
Sent: Monday, November 18, 2019 8:29 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system
Ok, we think we know how this happens now.
User has a session, let's use ROBS1 for an example.
He minimizes ROBS1 and cannot find it.
So he starts it again and now has two ROBS1 sessions.
The second one cannot connect because that session is in use. However,
if you have autoconnect turned on, it never stops trying.
Wham: Denial Of Service.
Rob Berendt
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Rob Berendt
Sent: Friday, November 15, 2019 7:30 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system
I have found these scripts invaluable in tracking down the offender:
-- Some TCP connections do not spawn "jobs". Therefore we'll use a
different service.
select local_port, remote_address, count(*) as nbrconnections
from gdihq.qsys2.NS_INFO
where local_port = 23
group by local_port, remote_address
having count(*) > 10
;
-- What 5250 session is using a particular IP address?
Select job_name, authorization_name, client_ip_address
from table(active_job_info(
SUBSYSTEM_LIST_FILTER => 'QINTER',
DETAILED_INFO => 'ALL')) x
WHERE 1 IN (select 1 from gdihq.sysibm.sysdummy1)
and client_ip_address in (
select remote_address
from gdihq.qsys2.NS_INFO
where local_port = 23
group by remote_address
having count(*) > 10
)
;
-- What are their names?
select odobnm, odobtx
from table(qsys2.users()) i
where odobnm in(
Select authorization_name
from table(active_job_info(
SUBSYSTEM_LIST_FILTER => 'QINTER',
DETAILED_INFO => 'ALL')) x
WHERE 1 IN (select 1 from gdihq.sysibm.sysdummy1)
and client_ip_address in (
select remote_address
from gdihq.qsys2.NS_INFO
where local_port = 23
group by remote_address
having count(*) > 10
)
group by authorization_name)
;
-- From your DOS command prompt run
-- nslookup xxx.xxx.xxx.xxx
-- where xxx. is the offending IP address.
-- Sometimes the session name is unrelated to the device.
-- For example, ROBS1 on laptop GDL57
;
Rob Berendt
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
midrange
Sent: Thursday, November 14, 2019 10:49 PM
To: 'Midrange Systems Technical Discussion' <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system
I have not read every single response to this thread, but we have once or
twice a year had auto-connect or auto-reconnect of either Client Access
5250 sessions or 5250 attached printers that will swamp our system - until
we figure out the device and vary off, and appear as thousands of attempts.
We always solved it at the pc itself.
Jim Franz
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxxxxxxxx] On Behalf Of
Rob Berendt
Sent: Thursday, November 14, 2019 2:45 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: 5250 sessions killing the system
Been going on for 2-3 weeks.
Rob Berendt
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Jeff Crosby
Sent: Thursday, November 14, 2019 2:28 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: 5250 sessions killing the system
Did this just start today? Bizarre.
On Thu, Nov 14, 2019 at 2:15 PM Rob Berendt <rob@xxxxxxxxx> wrote:
They also said that I may want to turn off auto reconnect on those clients.
Rob Berendt
-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Rob Berendt
Sent: Thursday, November 14, 2019 2:06 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: 5250 sessions killing the system
I have this case opened with IBM. There are certain clients attaching to
the system where it starts 10,000+ port 23 (telnet) connections to our
system. All using the same 1-3 workstation id's. Totally blows our
activity level out of the water and is quite an effective denial of service
attack.
-- Some TCP connections do not spawn "jobs". Therefore we'll use a
different service.
select local_port, remote_address, count(*) as nbrconnections
from gdihq.qsys2.NS_INFO
where local_port = 23
group by local_port, remote_address
having count(*) > 10
;
Messing with things like QAUTOCFG, QAUTOVRT has ZERO effect on stopping
this.
IBM's reply has been basically put on a patch to that version of the
deprecated Client Access or upgrade to iACS.
Since most of these are Windows 7 VM sessions our Windows admins are
leaning towards the patch. When they are ready to upgrade to Windows 10 on
the 'gold' image they'll upgrade to iACS.
Rob Berendt
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
Jeff Crosby
VP Information Systems
UniPro FoodService/Dilgard
P.O. Box 13369
Ft. Wayne, IN 46868-3369
260-422-7531
direct.dilgardfoods.com
The opinions expressed are my own and not necessarily the opinion of my
company. Unless I say so.
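
The point made at the top of this thread, that the flood has to be stopped at the server rather than at each client, sketched as an added example (not from the thread and not how the IBM i telnet server works): a per-source sliding-window limit applied before any device-name negotiation. The addresses, the retry rate and the limiter class are constructed assumptions; the limit of 10 echoes the threshold in the queries above.

```python
from collections import defaultdict, deque

class PerSourceLimiter:
    """Sliding-window cap on connection attempts per remote address (hypothetical)."""
    def __init__(self, max_attempts, window_s):
        self.max_attempts = max_attempts
        self.window_s = window_s
        self.recent = defaultdict(deque)      # remote address -> attempt timestamps

    def allow(self, remote, now):
        q = self.recent[remote]
        while q and now - q[0] >= self.window_s:
            q.popleft()                       # forget attempts older than the window
        if len(q) >= self.max_attempts:
            return False                      # refuse before any device negotiation
        q.append(now)
        return True

def replay(attempts, limiter=None):
    """Count attempts that reach device-name negotiation, per remote address."""
    negotiated = defaultdict(int)
    for now, remote in attempts:
        if limiter is None or limiter.allow(remote, now):
            negotiated[remote] += 1
    return dict(negotiated)

def constructed_attempts():
    """Constructed sample: one PC retrying a busy device name 20 times a second
    for 60 seconds, plus two ordinary PCs that each connect once."""
    storm = [(t / 20.0, "10.0.0.57") for t in range(20 * 60)]
    normal = [(5.0, "10.0.0.11"), (30.0, "10.0.0.12")]
    return sorted(storm + normal)

if __name__ == "__main__":
    attempts = constructed_attempts()
    print("no limit   :", replay(attempts))
    print("10 per 60 s:", replay(attempts, PerSourceLimiter(10, 60.0)))
```

With the limit in place the retrying PC reaches negotiation 10 times instead of 1,200, while the two ordinary PCs are unaffected, whatever the client's reconnect setting is.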
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].