On Wed, 6 Jul 2005, Tom Duerbusch wrote:

> Well, we are in the midst of a DOS attack.
>
> This is against one of our VSE systems which is routed thru the VM
> stack. Currently TCPIP is getting about 2,500 I/Os per second instead
> of the normal, under 100 per second.
>
> Anyway, a chap from United Forensics is here and is going to put a
> sniffer on (which apparently requires the mainframe's ethernet cable to
> be disconnected and reconnected into the sniffer). No good during the
> day with the tn3270 users, so we are going to do it later in the
> evening.

Why not just ngrep the interface under attack?

> But, now for the real question...
>
> Is there any software, z/Linux or z/VM based, that can be used to check
> for, and possibly prevent a DOS attack? Perhaps from Velocity?
> hint..hint.. (sure would help justification...)

Adaptive iptables would do the trick nicely.

> Some think this is a network problem and let the network people handle
> it. But when it impacts the mainframe, it's my problem. A network type
> is just one of the possible solutions.
>
> I would think software on the mainframe would be less disruptive than
> detaching the ethernet cable for the sniffer.
>
> TN3270 is running slow, but still running.
> IP printing to the big Xerox laser is dog slow (30 minutes plus to ship
> a 400 page PDF file).
> DRDA access to DB2 just isn't going to happen. DB2 times out the
> request before it can be completed (or ODBC or something closes the
> connection).
>
> So, perhaps, I can justify something....
>
> Tom Duerbusch
> THD Consulting
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390

sleekfreak pirate broadcast
http://sleekfreak.ath.cx:81/
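
One way to read the "adaptive iptables" suggestion in the reply above, as an added example that is not part of the original thread: count packets per source in a sliding window, then generate iptables block rules for sources over a threshold and removal rules once a block has aged out. It assumes a Linux guest sits in the forwarding path in front of the VSE system; the packet records, the documentation-range addresses, the 100-packet threshold and the 600-second block lifetime are all constructed values.

```python
from collections import defaultdict, deque

def sample_packets():
    """Constructed capture summary: (epoch seconds, source IP, dest port)."""
    normal = [(1000.0 + i * 0.5, "192.0.2.10", 23) for i in range(20)]    # tn3270 user, 2 pkt/s
    flood = [(1003.0 + i / 300, "198.51.100.7", 23) for i in range(300)]  # 300 pkt in 1 s
    return sorted(normal + flood)

def find_flooders(packets, window=1.0, max_packets=100):
    """Map each source that exceeds max_packets within `window` seconds to the
    time it first crossed the threshold (both limits are assumed values)."""
    recent = defaultdict(deque)
    flagged = {}
    for ts, src, _port in packets:
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:      # drop timestamps that left the window
            q.popleft()
        if len(q) > max_packets:
            flagged.setdefault(src, ts)
    return flagged

def block_rules(flagged, chain="FORWARD"):
    """iptables commands that drop traffic from each flagged source."""
    return [f"iptables -I {chain} -s {src} -j DROP" for src in sorted(flagged)]

def unblock_rules(flagged, now, ttl=600.0, chain="FORWARD"):
    """Commands removing blocks older than ttl seconds, so the filter relaxes
    again once a source goes quiet or an address is reassigned."""
    return [f"iptables -D {chain} -s {src} -j DROP"
            for src, since in sorted(flagged.items()) if now - since >= ttl]

if __name__ == "__main__":
    hits = find_flooders(sample_packets())
    for cmd in block_rules(hits):
        print(cmd)   # review before applying; nothing is executed here
```

The functions only build command strings, so the output can be reviewed or logged before anything touches the live rule set.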