If you are on V6R1, you can setup the Intrusion Detection & Prevention in
iNav (it was there in v5R4, but not as robust). It will show when people
try to do a scan on your system, and other connectivity functions. I would
strongly recommend the FTP exit points so that you can control who does FTP
into your system. Run ANZDFTPWD *NONE on your system and look at the user
profiles with default passwords and fix those issues. Some of the items to
help you out.
Pete
Pete Massiello
iTech Solutions
http://www.itechsol.com
-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx
[mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Bob Voltz
Sent: Wednesday, May 20, 2009 1:03 PM
To: 'Midrange Systems Technical Discussion'
Subject: Is someone trying to hack my system?
While looking at QHST for something else, I noticed a lot of the following
messages:
TCP/IP connection to remote system 222.128.58.140 closed, reason code 2.
TCP/IP connection to remote system 222.128.58.140 closed, reason code 2.
TCP/IP connection to remote system 222.136.188.66 closed, reason code 2.
TCP/IP connection to remote system 222.136.188.66 closed, reason code 2.
TCP/IP connection to remote system 222.136.188.66 closed, reason code 2.
TCP/IP connection to remote system 222.136.188.66 closed, reason code 2.
TCP/IP connection to remote system 41.178.102.242 closed, reason code 2.
TCP/IP connection to remote system 41.208.151.250 closed, reason code 2.
Reason codes and their meanings follow:
1 = TCP connection closed due to expiration of 10 minute FINWAIT2 timer.
2 = TCP connection closed due to R2 retry threshold being run.
Does this mean the hackers are after me?!?!?
midrange.com
