Hello Terry, (nice last name)
We did have the same problem. The System Administrator
indicated that it was his PC and he did not find any problem.
Then about a day later, a Network Administrator found a virus on that
PC.
One group was not worried about it (PC people), but the Network people
were worried as network
performance was taking a hit.
Finally, we did get DOS from a Network system that was checking
for unused IP addresses. The system would go out every 4 hours had ping
50-100 times to determine what addresses were really being used.
They adjusted it down to 2 every 5 hours for the next couple of
days.
Ed Martin
330-588-4723
ext 40441
________________________________
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On
Behalf Of Martin, Terry R. (CMS/CTR) (CTR)
Sent: Thursday, July 10, 2008 1:18 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: TCPIP
Hi
I re-cycled my TCPIP stack and noticed the following message while it
was coming up:
DTCNET400W A denial-of-service attack has been detected; issue NETSTAT
DOS for more information.
The output from the NETSTAT DOS command was:
netstat dos
VM TCP/IP Netstat Level 530
Maximum Number of Half Open Connections: 258
Denial of service attacks:
Attacks Elapsed
Attack
Attack IP Address Detected Time
Duration
-------- --------------------------------------- --------- ---------
---------
Smurf-IC 10.17.2.5 210 0:04:46
0:04:45
Does anyone know what this means and if it is a real problem? It looks
like the ATTACKS number is rising quickly.
Thank You,
Terry Martin
Lockheed Martin - Information Technology
z/OS & z/VM Systems - Performance and Tuning
Cell - 443 632-4191
Work - 410 786-0386
[EMAIL PROTECTED]
