Hello Terry, (nice last name) We did have the same problem. The System Administrator indicated that it was his PC and he did not find any problem. Then about a day later, a Network Administrator found a virus on that PC. One group was not worried about it (PC people), but the Network people were worried as network performance was taking a hit. Finally, we did get DOS from a Network system that was checking for unused IP addresses. The system would go out every 4 hours had ping 50-100 times to determine what addresses were really being used. They adjusted it down to 2 every 5 hours for the next couple of days.
Ed Martin 330-588-4723 ext 40441 ________________________________ From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Martin, Terry R. (CMS/CTR) (CTR) Sent: Thursday, July 10, 2008 1:18 PM To: IBMVM@LISTSERV.UARK.EDU Subject: TCPIP Hi I re-cycled my TCPIP stack and noticed the following message while it was coming up: DTCNET400W A denial-of-service attack has been detected; issue NETSTAT DOS for more information. The output from the NETSTAT DOS command was: netstat dos VM TCP/IP Netstat Level 530 Maximum Number of Half Open Connections: 258 Denial of service attacks: Attacks Elapsed Attack Attack IP Address Detected Time Duration -------- --------------------------------------- --------- --------- --------- Smurf-IC 10.17.2.5 210 0:04:46 0:04:45 Does anyone know what this means and if it is a real problem? It looks like the ATTACKS number is rising quickly. Thank You, Terry Martin Lockheed Martin - Information Technology z/OS & z/VM Systems - Performance and Tuning Cell - 443 632-4191 Work - 410 786-0386 [EMAIL PROTECTED]