- It apparently started in June or July. We were not made aware of it until this month. I say "apparently" because we have not been getting the full story.
- There were no changes that we were made aware of (we usually don't know about changes to the network until something breaks) until we installed z/VM 5.2 in August, after at least 2 occurrences.
- They do not. The ones monitoring the logs are InfoSec people, not network folks.
Regards,
Richard Schuh
-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED]] On Behalf Of Miguel Delapaz
Sent: Thursday, October 19, 2006 4:17 PM
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: SMTP Verify Client Exit
The IBM z/VM Operating System <IBMVM@LISTSERV.UARK.EDU> wrote on 10/19/2006 03:28:44 PM:
...
> Originally, we were told that it was e-mail. Today, we got
> firewall monitors to check the message meaning, and the word from
> Cisco that it is a generic "packet that has no specific connection
> in the firewall unit's connection table", not specifically e-mail.
>
> This appears to be a monthly occurrence, but there is no pattern
> connecting it with a day of month, day of week, or time of day. Not
> being a TCPIP guy, I am now stumped as to what we can do. Any suggestions?
>
> Regards,
> Richard Schuh
Well, before I go making suggestions, I'd like to ask a couple of questions:
1) When did this start?
2) What changes to the network, firewall configuration and/or z/VM TCP/IP configuration/service/applications were made in the month or so before this started?
3) Do the firewall "monitors" have packet trace data for the packets which are "flooding" the firewall?
The answers to these should provide at least some clues as to where to begin digging. Since the problem is not predictable (from a timeframe point of view), turning on tracing on VM is not going to be terribly helpful, so getting the packet data from the firewall is probably the easiest way to know *what* the packets are (and where they originated).
Regards,
Miguel Delapaz
z/VM TCP/IP Development