On Thu, 31 Jul 2008 08:27:43 -0500, Mike Walter <[EMAIL PROTECTED]> wrote:
>Back on July 15, we experienced our first known Denial of Service "attac k" >(more likely a problem server). >I reported it to our Internet Security group including: > >From the nearly anonymous/invisible "TCPIP MESSAGE" file in >TCPMAINT's reader: >---<snip>---- >DTCUTI001E Serious problem encountered: 15:38:55 07/15/08 >DTCUTI002E A denial-of-service attack has been detected >---<snip>--- Nearly invisible? They show up in my reader and have since I moved into V M Systems. Far from being anonymous/invisible, they are rather overly frequent. Since I have 20 (?) of those readers, I long ago arranged to forward SOME of these messages to my email address. The rest just go in a log file. Like you, we found the DOS came from our Information Security folk's serv er. (At least they didn't try to hide it -- there is an email address attached.) So far we haven't ever gotten a nastygram from these folks telling us we are insecure, but I have seen such emails addressed to others. Presumably that means VM does the right thing. Like others our VM systems are behind a firewall. But information security warns us that insiders are more of a threat than outsiders. Alan Ackerman Alan (dot) Ackerman (at) Bank of America (dot) com
