 Telnet connection saturating the iSeries
Has anyone had any instance(s) of a telnet connection saturating the iSeries (somewhat like a DoS attack)? Last week I was contacted in the middle of the night due to users being unable to open any sessions. I attempted to get a session from home but was unsuccessful. I came to the office and found (via work with TCP CNN status) that I had hundreds of connections at Close-wait from a PC at one of our sites in another state. I tried ending the connections, but ending 100 would just open 500 more. Called IBM support and they recommended disconnecting this PC from the network. The person assigned to this PC was not at work and this PC was in a locked office. It was disconnected and all went back to normal. We checked the PC for any malware, virus, new software, etc. and found none. We reconnected the PC to the network and all worked normally - Established connection. IBM said this could have been caused by a port tester, but network research showed none. Thank you in advance for any suggestions/recommendations you may be able to provide.

Software/Hardware used:
OS/400
ASKED: April 21, 2010  1:27 PM
UPDATED: April 23, 2010  1:43 AM

Answer Wiki:
I've never seen that problem. However, this would seem to be a good case for learning the Packet Rules tool in iSeries Navigator. If you had (have?) a base Packet Rules filter in place, you might add a Deny rule for telnet that originates from that IP address. Once the remote situation is cleaned up, the default rules could be reinstated.

In iNav: My Connections-> {myAS400}-> Network-> IP Policies-> Packet Rules

There are aspects that require some experience before they become clear; but the first time you learn from experience, you'll remember from then on.

Tom
Last Wiki Answer Submitted:  April 21, 2010  8:21 pm  by  TomLiotta   110,105 pts.


Discuss This Question:


 

Actually, I had already checked, and there are no Packet Rules established. IBM stated they rarely have seen this on 5.4.0 but seems to be occurring more at 6.1.

 645 pts.

 

Port 992 (SSL)

 645 pts.

 

…there are no Packet Rules established.

I understand, but I wasn’t clear. I apologize.

Having a default set of Packet Rules in place (or at least defined and ready to be put in place) would give you a quick way to block a massive number of connection attempts from a problem PC. Simply by activating a Deny rule for telnet from the PC’s IP address you could eliminate new connections and reduce the “saturation”.

This frees your system from having to deal with it, and lets you take some time to fix the PC later… or fix whatever is wrong.

It’s a “Be prepared” action that can be done ahead of time when a Packet Rules set is made ready for use.

Tom

 110,105 pts.
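
A way to find the address to put in such a Deny rule, as an added example that is not part of the original thread: the script tallies telnet connections (ports 23 and 992) sitting in Close-wait per remote address, and checks whether a host's count is still rising between two snapshots. The four-column line layout, the sample addresses and the threshold of 100 are assumptions made for the example, not real system output.

```python
from collections import Counter

TELNET_PORTS = {23, 992}  # plain telnet and the SSL telnet port named in the thread

def make_sample():
    """Constructed listing, one connection per line:
    'remote_addr remote_port local_port state' (assumed layout)."""
    lines = ["10.20.30.40 %d 992 Close-wait" % (50000 + i) for i in range(300)]
    lines += [
        "10.1.1.15 51515 992 Established",
        "10.1.1.16 51820 23 Established",
        "10.1.1.16 51821 23 Close-wait",
        "10.1.1.17 52001 8080 Close-wait",  # not a telnet port, must be ignored
        "* * 23 Listen",                    # listener, no remote host
        "garbage line",                     # malformed, must be skipped
    ]
    return lines

def parse(line):
    """Return (remote_addr, local_port, state) or None if the line does not fit."""
    parts = line.split()
    if len(parts) != 4 or not parts[2].isdigit():
        return None
    return parts[0], int(parts[2]), parts[3].lower()

def telnet_close_wait_by_host(lines):
    """Count telnet connections in Close-wait per remote address."""
    counts = Counter()
    for line in lines:
        rec = parse(line)
        if rec and rec[1] in TELNET_PORTS and rec[2] == "close-wait":
            counts[rec[0]] += 1
    return counts

def suspects(lines, threshold=100):
    """Hosts holding at least `threshold` such connections, worst first."""
    ranked = telnet_close_wait_by_host(lines).most_common()
    return [(host, n) for host, n in ranked if n >= threshold]

def still_growing(before, after, host):
    """True if the host's Close-wait count rose between two snapshots."""
    return telnet_close_wait_by_host(after)[host] > telnet_close_wait_by_host(before)[host]

if __name__ == "__main__":
    for host, n in suspects(make_sample()):
        print(f"{host}: {n} telnet connections in Close-wait; candidate for a Deny rule")
```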