Telnet connection saturating the iSeries

Tags:
iSeries Telnet
OS/400
Telnet
Has anyone had any instance(s) of a telnet connection saturating the iSeries (somewhat like a DoS attack)? Last week I was contacted in the middle of the night due to users being unable to open any sessions. I attempted to get a session from home but was unsuccessful. I came to the office and found (via work with TCP CNN status) that I had hundreds of connections at Close-wait from a PC at one of our sites in another state. I tried ending the connections, but ending 100 would just open 500 more. I called IBM support and they recommended disconnecting this PC from the network. The person assigned to this PC was not at work and this PC was in a locked office. It was disconnected and all went back to normal. We checked the PC for any malware, virus, new software, etc. and found none. We reconnected the PC to the network and all worked normally - Established connection. IBM said this could have been caused by a port tester, but network research showed none. Thank you in advance for any suggestions/recommendations you may be able to provide.

Software/Hardware used:
OS/400

Answer Wiki


I’ve never seen that problem. However, this would seem to be a good case for learning the Packet Rules tool in iSeries Navigator. If you had (have?) a base Packet Rules filter in place, you might add a Deny rule for telnet that originates from that IP address. Once the remote situation is cleaned up, the default rules could be reinstated.

In iNav, My Connections-> {myAS400}-> Network-> IP Policies-> Packet Rules

There are aspects that require some experience before they become clear; but the first time you learn from experience, you’ll remember from then on.

Tom
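Added example, not part of the original thread: a small Python check that finds the kind of source described in the question, one remote address holding a large number of telnet connections in Close-wait, so the address for a Deny rule is known quickly. The five-column text layout, the threshold, and all addresses are assumptions constructed for illustration; only port 992 comes from the thread.

```python
from collections import Counter

TELNET_PORTS = {23, 992}  # 992 is the SSL telnet port named in the thread

def parse_rows(text):
    """Yield (remote_addr, local_port, state) from whitespace-separated rows.

    Assumed column order: remote address, remote port, local port,
    idle time, state. Headers and malformed rows are skipped.
    """
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2]), fields[4].lower()

def close_wait_offenders(text, threshold=50):
    """Return [(remote_addr, count)] for sources holding at least
    `threshold` telnet connections in Close-wait, busiest first."""
    counts = Counter(
        remote for remote, port, state in parse_rows(text)
        if port in TELNET_PORTS and state == "close-wait"
    )
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

def constructed_sample():
    """Build a constructed listing: one runaway PC plus normal traffic."""
    rows = ["Remote-Address Remote-Port Local-Port Idle-Time State",
            "* * 23 000:10:00 Listen",
            "* * 992 000:10:00 Listen"]
    # Runaway client (documentation address): 120 half-closed SSL telnet sessions
    rows += [f"192.0.2.45 {50000 + i} 992 000:00:05 Close-wait" for i in range(120)]
    # Ordinary users: established sessions and a couple of stragglers
    rows += [f"198.51.100.{i} 51000 23 000:01:00 Established" for i in range(1, 31)]
    rows += ["198.51.100.7 51001 23 000:02:00 Close-wait",
             "198.51.100.7 51002 23 000:02:00 Close-wait"]
    # Close-wait on a non-telnet port must not be counted
    rows += [f"203.0.113.9 {52000 + i} 8470 000:00:09 Close-wait" for i in range(80)]
    return "\n".join(rows)

if __name__ == "__main__":
    for ip, n in close_wait_offenders(constructed_sample()):
        print(f"{ip}: {n} telnet connections in Close-wait; candidate for a Deny rule")
```
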

Discuss This Question: 3  Replies

 
  • Abigail
    Actually, I had already checked, and there are no Packet Rules established. IBM stated they rarely have seen this on 5.4.0 but seems to be occurring more at 6.1.
  • Abigail
    Port 992 (SSL)
  • TomLiotta
    "...there are no Packet Rules established." I understand, but I wasn't clear. I apologize. Having a default set of Packet Rules in place (or at least defined and ready to be put in place) would give you a quick way to block a massive number of connection attempts from a problem PC. Simply by activating a Deny rule for telnet from the PC's IP address you could eliminate new connections and reduce the "saturation". This frees your system from having to deal with it, and lets you take some time to fix the PC later... or fix whatever is wrong. It's a "Be prepared" action that can be done ahead of time when a Packet Rules set is made ready for use. Tom
