Simple answer: put a Linux guest in front of the VM TCP stack with the old address as the external address, renumber the VM stack to a RFC1918 address on an internal guest lan, and enable IP Masquerade in iptables. That gets you all sorts of useful info, and lets you shut them down cold. Add one of the IDS toolkits, and you can clobber the twerps network wide.
> -----Original Message----- > From: The IBM z/VM Operating System [mailto:[email protected]] On > Behalf Of Jim Bohnsack > Sent: Wednesday, July 08, 2009 11:02 AM > To: [email protected] > Subject: PERFSVM question > > We saw a bunch of logon attempts a night ago to userid ADMINIST which I > do not have defined in the directory. There were about 2,500 over the > course of 2 hours. They were apparently not coming in thru an > emulator, > so that pretty much leaves the web interface to Performance Toolkit. > Is > there any way I control that interface. How can I get the ip address? > IBM used to have, internally, a mod that would double the amount of > time > between each unsuccessful logon attempt to a particular userid. > Something like that would do the job. > > Jim > > -- > Jim Bohnsack > Cornell University > (972) 596-6377 home/office > (972) 342-5823 cell > [email protected]
