We saw a bunch of logon attempts a night ago to userid ADMINIST which I
do not have defined in the directory. There were about 2,500 over the
course of 2 hours. They were apparently not coming in thru an emulator,
so that pretty much leaves the web interface to Performance Toolkit. Is
there
Jim Bohnsack wrote:
We saw a bunch of logon attempts a night ago to userid ADMINIST which
I do not have defined in the directory. There were about 2,500 over
the course of 2 hours. They were apparently not coming in thru an
emulator, so that pretty much leaves the web interface to
one of the IDS
toolkits, and you can clobber the twerps network wide.
-Original Message-
From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On
Behalf Of Jim Bohnsack
Sent: Wednesday, July 08, 2009 11:02 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: PERFSVM question
We
AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: PERFSVM question
=20
We saw a bunch of logon attempts a night ago to userid ADMINIST which I
do not have defined in the directory. There were about 2,500 over the
course of 2 hours. They were apparently not coming in thru an
emulator,
so that pretty much
To: IBMVM@LISTSERV.UARK.EDU
Subject: PERFSVM question
We saw a bunch of logon attempts a night ago to userid ADMINIST
which I
do not have defined in the directory. There were about 2,500 over
the
course of 2 hours. They were apparently not coming in thru an
emulator,
so that pretty much leaves
To: IBMVM@LISTSERV.UARK.EDU
Subject: PERFSVM question
We saw a bunch of logon attempts a night ago to userid ADMINIST
which I
do not have defined in the directory. There were about 2,500 over
the
course of 2 hours. They were apparently not coming in thru an
emulator,
so that pretty much leaves
I very cleverly log from 06:00 until 18:00. Saves space in the HISTLOG
files, you know. :-[
Jim
Rich Smrcina wrote:
Jim Bohnsack wrote:
We saw a bunch of logon attempts a night ago to userid ADMINIST which
I do not have defined in the directory. There were about 2,500 over
On Jul 8, 2009, at 12:03 PM, Jim Bohnsack wrote:
Easy for you to say.
How about She sells sea shells by the seashore?
Adam
Easy for you to say.
Sent Jim a set of iptables rules that should do the job.
Would anyone else find a VM-based screening/firewall virtual machine useful?
Would you contribute time or money to it's creation? If so, let me know
off-list and I'll see what we can coordinate. We've been running
@LISTSERV.UARK.EDU
Subject: PERFSVM question
We saw a bunch of logon attempts a night ago to userid ADMINIST
which I
do not have defined in the directory. There were about 2,500 over
the
course of 2 hours. They were apparently not coming in thru an
emulator,
so that pretty much leaves the web interface
2,500 tries over 2 hours is not an attempt to break in, that's a
denial-of-service attack.
Apparently there was a pretty big DOS attack on a number of Federal and other
websites starting on July 4. They hit a ton of sites, and if you stayed up, you
did better than the Treasury Department,
] On
Behalf Of Chip Davis
Sent: Wednesday, July 08, 2009 2:56 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: PERFSVM question
2,500 tries over 2 hours is not an attempt to break in, that's a
denial-of-service attack.
Apparently there was a pretty big DOS attack on a number of Federal and
other
On 7/8/2009 at 2:55 PM, Chip Davis c...@aresti.com wrote:
2,500 tries over 2 hours is not an attempt to break in, that's a
denial-of-service attack.
One attempt every 3 seconds (roughly)? I doubt it. Sounds like a script
kiddie to me.
Mark Post
Not if it's waiting on a response from the victim and immediately resending.
That's harder to automatically recognize and guard against. A PING flood, otoh...
Besides, it wasn't clear that the attack was sustained or in spurts, which could
have raise the effective frequency.
-Chip-
On
14 matches
Mail list logo