That only makes sense. After all, who has the easiest access and the
most knowledge of the systems?
Regards,
Richard Schuh
But information security warns us that insiders are more of a
threat than outsiders.
Alan Ackerman
Alan (dot) Ackerman (at) Bank of America (dot) com
We have seen these from time to time. When we get them, they come in one
of two flavors. Either someone pounding SNMP to try to use us as an open
relay or more frequently in an attempt to DOS or hack us via FTP.
To help minimize (not eliminate) the impact, we have EXITs in place for
both SMTP and
Back on July 15, we experienced our first known Denial of Service attack
(more likely a problem server).
I reported it to our Internet Security group including:
From the nearly anonymous/invisible TCPIPMESSAGE file in
TCPMAINT's reader:
---snip
DTCUTI001E Serious problem
kind of fun to do the impossible. (Walt Disney)
=-Original Message-
=From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED]
On
=Behalf Of Mike Walter
=Sent: Thursday, July 31, 2008 9:28 AM
=To: IBMVM@LISTSERV.UARK.EDU
=Subject: DOS attack details in
=
=Back on July 15, we
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: DOS attack details in
We had this DOS attack and tracked it back to a MAC computer on the
network. It was doing some sort of broadcast network thing. I can supply
the details
, Jim [EMAIL PROTECTED]
Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
07/31/2008 09:31 AM
Please respond to
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
To
IBMVM@LISTSERV.UARK.EDU
cc
Subject
Re: DOS attack details in
I used the IP address to track down
The port and IP address sending the request should be in the monitor records. There would
some information useful there.
Mike Walter wrote:
Back on July 15, we experienced our first known Denial of Service attack
(more likely a problem server).
I reported it to our Internet Security group
On Thursday, 07/31/2008 at 09:30 EDT, Mike Walter [EMAIL PROTECTED]
wrote:
So I asked our Internet Security team who might be the offending
10.64.103.250. In turn they asked me for the port number being used
for
this attack, and the mac address of the attacking machine.
Unfortunately,
Mike Walter wrote:
Dunno, I'm not an IP (or networking) Wizard, either.
Not sure what else might be able to be gathered, but at least TCPIP knows
what port was being attacked. Great minds will think of more.
Perhaps information for that IP address obtained from NETSTAT CONN?
Wizards will
]
Re: DOS attack details in
Mike Walter
to:
IBMVM
07/31/2008 07:42 AM
Sent by:
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
Please respond to The IBM z/VM Operating System
Dunno, I'm not an IP (or networking) Wizard, either.
Not sure what else might be able to be gathered
monthly probe of every IP address on our intranet.
Regards,
Richard Schuh
-Original Message-
From: The IBM z/VM Operating System
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Walter
Sent: Thursday, July 31, 2008 6:28 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: DOS attack details
:
Re: DOS attack details in
Mike Walter
to:
IBMVM
07/31/2008 07:42 AM
Sent by:
The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU
Please respond to The IBM z/VM Operating System
Dunno, I'm not an IP (or networking) Wizard, either.
Not sure what else
[mailto:[EMAIL PROTECTED] On
Behalf Of Schuh, Richard
Sent: Thursday, July 31, 2008 11:56 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: DOS attack details in
We had a DOS attack a couple of years ago and duly reported it to our
Info Sec group. We got no response. When it happened again one month
later
At 01:18 PM 7/31/2008 -0400, Edward M. Martin wrote:
You may see more because to comply with PCI (Payment Card
Industry) Security Standards you are required to have all Internet
Facing IP addresses scanned for vulnerabilities.
The key line there may be, Internet Facing; how many
Nick Laflamme wrote:
The key line there may be, Internet Facing; how many companies put
their key systems behind NAT'ting firewalls?
Easiest really pretty secure solution: put an OpenBSD firewall between
your Big Iron and the Net.
--
Jack J. Woehr# Self-delusion is
:44 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: DOS attack details in
Nick Laflamme wrote:
The key line there may be, Internet Facing; how many
companies put
their key systems behind NAT'ting firewalls?
Easiest really pretty secure solution: put an OpenBSD
firewall between your Big
You did notice the word intranet, not internet, in my post,
did you not? VM is definitely behind a firewall that makes us
invisible to the outside world. Furthermore, the network that
we are on is isolated from our production network. It may well
be that there is some zeal in interpreting the
On Thursday, 07/31/2008 at 01:18 EDT, Mike Walter [EMAIL PROTECTED]
wrote:
And Alan, by NOTIFY could you actually have meant INFORM? Perhaps you
were just attempting to NOTIFY me to *look up* INFORM? ;-)
Yes, I meant INFORM. NOTIFY is the internal function used to send
information to the
On Thu, 31 Jul 2008 08:27:43 -0500, Mike Walter [EMAIL PROTECTED]
wrote:
Back on July 15, we experienced our first known Denial of Service attack
(more likely a problem server).
I reported it to our Internet Security group including:
From the nearly anonymous/invisible TCPIPMESSAGE