I have this case opened with IBM. There are certain clients attaching to the system where it starts 10,000+ port 23 (telnet) connections to our system. All using the same 1-3 workstation id's. Totally blows our activity level out of the water and is quite an effective denial of service attack.
-- Some TCP connections do not spawn "jobs". Therefore we'll use a different service.
select local_port, remote_address, count(*) as nbrconnections
from gdihq.qsys2.NS_INFO
where local_port = 23
group by local_port, remote_address
having count(*) > 10
;
Messing with things like QAUTOCFG, QAUTOVRT has ZERO effect on stopping this.
IBM's reply has been basically put on a patch to that version of the deprecated Client Access or upgrade to iACS.
Since most of these are Windows 7 VM sessions our Windows admins are leaning towards the patch. When they are ready to upgrade to Windows 10 on the 'gold' image they'll upgrade to iACS.
Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
