Re: TCPIP

McKown, John Thu, 10 Jul 2008 10:21:44 -0700

Sounds like this:
 
http://www.mail-archive.com/ibmvm@listserv.uark.edu/msg08725.html
 
and
 
http://vil.nai.com/vil/content/v_100019.htm
<quote>


Overview -


This is a trojan detection. Unlike viruses, trojans do not
self-replicate. They are spread manually, often under the premise that
they are beneficial or wanted. The most common installation methods
involve system or security exploitation, and unsuspecting users manually
executing unknown programs. Distribution channels include email,
malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer
networks, etc.


Aliases


*       DDoS.Win32.Smurf (AVP)


Characteristics


Characteristics -


This is a Denial of Service attack tool. It's used by an attacker to
send a specified number of ICMP & UDP packets to a victim. 


</quote>

 

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology

This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and its
content is protected by law.  If you are not the intended recipient, you
should delete this message and are hereby notified that any disclosure,
copying, or distribution of this transmission, or taking any action
based on it, is strictly prohibited.
  

 


________________________________

        From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Martin, Terry R. (CMS/CTR)
(CTR)
        Sent: Thursday, July 10, 2008 12:18 PM
        To: IBMVM@LISTSERV.UARK.EDU
        Subject: TCPIP
        
        

        Hi 

         

        I re-cycled my TCPIP stack and noticed the following message
while it was coming up:

         

        DTCNET400W A denial-of-service attack has been detected; issue
NETSTAT DOS for more information.

         

        The output from the NETSTAT DOS command was:

         

        netstat dos


        VM TCP/IP Netstat Level 530


        


        Maximum Number of Half Open Connections: 258


        


        Denial of service attacks:


                                                           Attacks
Elapsed    Attack  

        Attack   IP Address                               Detected
Time  Duration  

        -------- --------------------------------------- ---------
--------- ---------  

        Smurf-IC 10.17.2.5                                     210
0:04:46   0:04:45  

         

        Does anyone know what this means and if it is a real problem? It
looks like the ATTACKS number is rising quickly.

         

        Thank You,

         

        Terry Martin

        Lockheed Martin - Information Technology

        z/OS & z/VM Systems - Performance and Tuning

        Cell - 443 632-4191

        Work - 410 786-0386

        [EMAIL PROTECTED]

Re: TCPIP

Reply via email to