Though it shouldn't need to be said, I'll do it anyway -- If you don't have a firewall and you're connected to the Internet, you _are_ being scanned. Often. Likely many times per day.

The link to <http://www.xs4all.nl/~hgj/ipflt/> is a good one. This highlights a 'firewall Lite' facility that's been available for a few years and that's rarely used.

There are a few things to be aware of.

First, the freeware documentation is outdated at points. The "IP Packet Security" tag hasn't been used for a while; you should now look for Network->IP Policies->Packet Rules and right-click Packet Rules to select Rules Editor. That should get you started.

Second, anybody who attempts to activate packet rules should know the following command by heart:

==> RMVTCPTBL TBL(*IPFTR) [or TBL(*ALL)]

Be certain you have a way to run this command without TCP/IP before you activate any rule sets. It can be extremely easy to activate rules that disable your telnet sessions as well as any other facility that relies on TCP/IP. And once the rules are in place, it can be tricky getting them turned off again. A good ol' twinax console can be very handy. SNA passthru might also be used. Some have submitted the command via job scheduler or via SBMJOB with scheduled date/time for a few minutes in the future.

Finally, although the facility works, keep in mind that you're using your very expensive iSeries memory, DASD, IOPs and CPU, to do the work that a cheap Linux box and maybe an extra hub could do faster and better. The resulting journal receivers can quickly become very large under the right circumstances. You're generally much better off keeping unwanted packets from even reaching your iSeries adapter. There's seldom much point in making that equipment handle those packets when other work could be done.

'Firewall Lite' is pretty cool and the noted freeware is a decent introduction. I hope I've added useful info.

Tom Liotta

"Bob Crothers" <bob2@xxxxxxxxxxxxxx> wrote:

>Your firewall should tell you that you are being scanned.
>
>> -----Original Message-----
>> From: security400-bounces@xxxxxxxxxxxx
>> [mailto:security400-bounces@xxxxxxxxxxxx] On Behalf Of Steve McKay
>>
>> Is there something (exit program, setting, etc.) which would/could alert me
>> if my iSeries is being scanned from a specific subnet or IP address? Or if
>> a connection request came from outside *my* subnet? (3rd party software is
>> probably not a viable solution but I'd be willing to consider it.)

--
Tom Liotta
The PowerTech Group, Inc.
19426 68th Avenue South
Kent, WA 98032
Phone 253-872-7788 x313
Fax 253-872-7904
http://www.powertech.com