Because of recent developments regarding exploits, I began exploring the IBM i Intrusion Detection System application and set up the default rules and turned IDS on.
Here are some of the messages I am receiving:
------
This just occurred and the Intrusion Type seems to be of concern:
Time of Event: 12/14/21 08:16:40
Intrusion Type: ATTACK
Attack Type: ACKSTORM
Local IP Address: 172.17.0.249
Local Port: 443
Remote IP Address: 172.25.20.117
Remote Port: 57685
Protocol: 6
------ This one occurs five times at the top of the hour:
Time of Event: 12/14/21 07:59:11
Intrusion Type: ATTACK
Attack Type: ICMPRED
Local IP Address: 172.17.0.249
Local Port: 0
Remote IP Address: 172.17.0.1
Remote Port: 0
Protocol: 1
------ This one also occurs several times at the top of the hour (from different IP addresses):
Time of Event: 12/14/21 07:52:17
Intrusion Type: SCANE
Attack Type:
Local IP Address: 172.17.0.249
Local Port: 541
Remote IP Address: 172.17.40.97
Remote Port: 10966
Protocol: 6
Time of Event: 12/14/21 07:52:16
Intrusion Type: SCANE
Attack Type:
Local IP Address: 172.17.0.249
Local Port: 541
Remote IP Address: 172.17.32.17
Remote Port: 3222
Protocol: 6
Time of Event: 12/14/21 07:52:16
Intrusion Type: SCANE
Attack Type:
Local IP Address: 172.17.0.249
Local Port: 541
Remote IP Address: 172.17.26.33
Remote Port: 18759
Protocol: 6
Time of Event: 12/14/21 07:52:16
Intrusion Type: SCANE
Attack Type:
Local IP Address: 172.17.0.249
Local Port: 541
Remote IP Address: 172.17.32.17
Remote Port: 3222
Protocol: 6
------ Recommendations ?
Regards,
Steve Landess
(512) 289-0387
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
