Hi IBM operations,

I'm copied on all your chain email/answers, sometimes more than 50 emails a day, which is exploding my inbox. Would you please be kind and cancel my name from your address list.

Thank you,
Yossi Badli
[EMAIL PROTECTED]

-----Original Message-----
From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of Edward M. Martin
Sent: Thursday, May 24, 2007 6:20 PM
To: [email protected]
Subject: Re: TCPIP Denial of Service

Hello Cecelia,

We did have the same problem. The System Administrator indicated that it was his PC and he did not find any problem. Then about a day later, a Network Administrator found a virus on that PC. One group was not worried about it (PC people), but the Network people were as network performance was taking a hit.

Finally, we did a DOS from a Network system that was checking for unused IP addresses. The system would go out every 4 hours and ping 50-100 times to determine what addresses were really being used. They adjusted it down to 2 every 5 hours for the next couple of days.

H1 0088 00C7: IPC108I ICMP Echo request has been received from: 10.0.0.8
H1 0088 00C7: IPC108I ICMP Echo request has been received from:
21:30:44 H1 0088 10.1.32.68
21:30:44 H1 0088 00C7: IPC108I ICMP Echo request has been received from:
21:30:44 H1 0088 10.1.32.68
21:30:44 H1 0088 00C7: IPC108I ICMP Echo request has been received from: 10.0.0.8
H1 0088 00C7: IPC108I ICMP Echo request has been received from:
02:32:08 H1 0088 10.1.32.68
02:32:08 H1 0088 00C7: IPC108I ICMP Echo request has been received from:
02:32:08 H1 0088 10.1.32.68
02:32:08

Ask your network people how they handle DOS attacks?

Ed Martin
Aultman Health Foundation
330-588-4723 ext. 40441
[EMAIL PROTECTED]

> -----Original Message-----
> From: The IBM z/VM Operating System [ mailto:[EMAIL PROTECTED] On Behalf Of Dusha, Cecelia CIV WHS/ITMD
> Sent: Wednesday, May 23, 2007 1:36 PM
> To: [email protected]
> Subject: TCPIP Denial of Service
>
> The following message is appearing within all TCPIP logs:
> DTCIPU086I A denial-of-service attack has been detected
>
> netstat dos
>
> VM TCP/IP Netstat Level 510
>
> Maximum Number of Half Open Connections: 256
>
> Denial of service attacks:
>
>                                                   Attacks   Elapsed   Attack
> Attack   IP Address                              Detected  Time      Duration
> -------- --------------------------------------- --------- --------- ---------
> Smurf-IC xxx.xxx.xxx.2                           3         6:27:33   3:49:01
>          xxx.xxx.xxx.3                           3         6:23:37   3:49:04
> Ready; T=0.02/0.03 13:11:31
>
> The first occurrence of the DoS message first appears at 6:25 am every day.
>
> The strange thing about these DoSs is:
> Defaultnet is xxx.xxx.xxx.1
> Usable IPs start at xxx.xxx.xxx.4
>
> I have asked our network group what is occurring at 6:25 each day. I was told it was not a true DoS because it was within the network for the mainframe... That may be the case, but every day at 6:25 a DoS occurs and repeats throughout the day.
>
> I have scanned the TCPIP configuration options to see if there was something that could trigger this. I didn't find anything. Did I miss something? Could the TCPIP configuration trigger DoSs? If so, what do I need to look for so that they do not occur?
>
> Thank you.
>
> Cecelia Dusha
