2,500 tries over 2 hours is not an attempt to break in, that's a
denial-of-service attack.
Apparently there was a pretty big DOS attack on a number of Federal and other
websites starting on July 4. They hit a ton of sites, and if you stayed up, you
did better than the Treasury Department, Secret Service, Federal Trade
Commission and Transportation Department.
http://www.google.com/hostednews/ap/article/ALeqM5icTKBW9_fm-oKDzns75BI-ykokSwD999UN580
-Chip-
On 7/8/09 15:02 Jim Bohnsack said:
We saw a bunch of logon attempts a night ago to userid ADMINIST which I
do not have defined in the directory. There were about 2,500 over the
course of 2 hours. They were apparently not coming in thru an emulator,
so that pretty much leaves the web interface to Performance Toolkit. Is
there any way I control that interface. How can I get the ip address?
IBM used to have, internally, a mod that would double the amount of time
between each unsuccessful logon attempt to a particular userid.
Something like that would do the job.
Jim
