Displays information about intrusion detection services.
>>-+--------------------+--------------------------------------><
   +-SUMmary------------+
   '-PROTOcol--protocol-'
Provide the report for a specific TCP/IP address space by using TCp tcpname. See The Netstat command target for more information about the TCp parameter.
The default output option displays the output on the user's terminal. For other options, see The TSO NETSTAT command syntax or Netstat command output.
>>-+--------------------+--------------------------------------><
   +-SUMmary------------+
   '-PROTOcol--protocol-'
Provide the report for a specific TCP/IP address space by using -p tcpname. See The Netstat command target for more information about the TCp parameter.
The default output option displays the output to z/OS UNIX shell stdout. For other options, see The z/OS UNIX netstat command syntax or Netstat command output.
NETSTAT IDS
NETSTAT IDS SUMMARY
NETSTAT IDS PROTOCOL TCP
NETSTAT IDS PROTOCOL UDP
netstat -k
netstat -k SUMMARY
netstat -k PROTOCOL TCP
netstat -k PROTOCOL UDP
The following examples are generated by using the TSO NETSTAT command. The z/OS UNIX netstat command displays the data in the same format as the TSO NETSTAT command.
Not IPv6 enabled example (SHORT format):
NETSTAT IDS
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services Summary:
Scan Detection:
GlobRuleName: ScanGlobal-rule
IcmpRuleName: ScanEventIcmp-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
SrcIPsTrkd: 0 StrgLev: 00000
Attack Detection:
Malformed Packets
PlcRuleName: AttackMalformed-rule
TotDetected: 11 DetCurrPlc: 8
DetCurrInt: 0 Interval: 0
OutBound RAW Restrictions
PlcRuleName: AttackOutboundRaw-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
Restricted Protocols
PlcRuleName: AttackIPprot-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
Restricted IP Options
PlcRuleName: AttackIPopt-rule
TotDetected: 64 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
ICMP Redirect Restrictions
PlcRuleName: AttackICMPRedirect-rule
TotDetected: 10 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
IP Fragment Restrictions
PlcRuleName: AttackIpFragment-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
UDP Perpetual Echo
PlcRuleName: AttackPerpEcho-rule
TotDetected: 32 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
Floods
PlcRuleName: AttackFlood-rule
TotDetected: 3 DetCurrPlc: 2
DetCurrInt: 0 Interval: 5
Data Hiding
PlcRuleName: AttackDataHiding-rule
TotDetected: 8 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
TCP Queue Size
PlcRuleName: AttackTCPQueSz-rule
TotDetected: 27 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
Global TCP Stall
PlcRuleName: AttackTCPStall-rule
TotDetected: 1 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
EE LDLC Check
PlcRuleName: EE_Attack-LDLC
TotDetected: 3 DetCurrPlc: 3
DetCurrInt: 0 Interval: 60
EE Malformed Packet
PlcRuleName: EE_Attack-Malformed
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
EE Port Check
PlcRuleName: EE_Attack-Port
TotDetected: 2 DetCurrPlc: 2
DetCurrInt: 0 Interval: 60
EE XID Flood
PlcRuleName: EE_Attack-XID
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
Traffic Regulation:
TCP
ConnRejected: 3 PlcActive: Y
UDP
PckDiscarded: 0 PlcActive: Y
Active Global Conditions:
ServersInConnFlood: 5
TCPStalledConns: 345 TCPStalledConnsPct: 14
Active Interface Floods:
IntfName: ETH1
DiscardCnt: 1828 DiscardRate: 57 Duration: 68
Intrusion Detection Services TCP Port List:
TcpListeningSocket: 0.0.0.0..23
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: ids-rule1
TrPortInst: Y TrCorr: 0 MxApp: 0 MxHst: 3
SynFlood: N ConnFlood: N
Intrusion Detection Services UDP Port List:
UdpDestSocket: 9.39.69.147..909
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: *NONE*
TrCorr: 0 Discarded: 0
NETSTAT IDS SUMMARY
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services Summary:
Scan Detection:
GlobRuleName: ScanGlobal-rule
IcmpRuleName: ScanEventIcmp-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
SrcIPsTrkd: 0 StrgLev: 00000
Attack Detection:
Malformed Packets
PlcRuleName: AttackMalformed-rule
TotDetected: 11 DetCurrPlc: 8
DetCurrInt: 0 Interval: 0
OutBound RAW Restrictions
PlcRuleName: AttackOutboundRaw-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
Restricted Protocols
PlcRuleName: AttackIPprot-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
Restricted IP Options
PlcRuleName: AttackIPopt-rule
TotDetected: 64 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
ICMP Redirect Restrictions
PlcRuleName: AttackICMPRedirect-rule
TotDetected: 10 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
IP Fragment Restrictions
PlcRuleName: AttackIpFragment-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
UDP Perpetual Echo
PlcRuleName: AttackPerpEcho-rule
TotDetected: 32 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
Floods
PlcRuleName: AttackFlood-rule
TotDetected: 3 DetCurrPlc: 2
DetCurrInt: 0 Interval: 5
Data Hiding
PlcRuleName: AttackDataHiding-rule
TotDetected: 8 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
TCP Queue Size
PlcRuleName: AttackTCPQueSz-rule
TotDetected: 27 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
Global TCP Stall
PlcRuleName: AttackTCPStall-rule
TotDetected: 1 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
EE LDLC Check
PlcRuleName: EE_Attack-LDLC
TotDetected: 3 DetCurrPlc: 3
DetCurrInt: 0 Interval: 60
EE Malformed Packet
PlcRuleName: EE_Attack-Malformed
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
EE Port Check
PlcRuleName: EE_Attack-Port
TotDetected: 2 DetCurrPlc: 2
DetCurrInt: 0 Interval: 60
EE XID Flood
PlcRuleName: EE_Attack-XID
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
Traffic Regulation:
TCP
ConnRejected: 3 PlcActive: Y
UDP
PckDiscarded: 0 PlcActive: Y
Active Global Conditions:
ServersInConnFlood: 5
TCPStalledConns: 345 TCPStalledConnsPct: 14
Active Interface Floods:
IntfName: ETH1
DiscardCnt: 1828 DiscardRate: 57 Duration: 68
NETSTAT IDS PROTOCOL TCP
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services TCP Port List:
TcpListeningSocket: 0.0.0.0..23
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: ids-rule1
TrPortInst: Y TrCorr: 0 MxApp: 0 MxHst: 3
SynFlood: N ConnFlood: N
NETSTAT IDS PROTOCOL UDP
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services UDP Port List:
UdpDestSocket: 9.39.69.147..909
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: *NONE*
TrCorr: 0 Discarded: 0
IPv6 enabled or request for LONG format:
NETSTAT IDS
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services Summary:
Scan Detection:
GlobRuleName: ScanGlobal-rule
IcmpRuleName: ScanEventIcmp-rule
Icmpv6RuleName: ScanEventIcmpv6-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
SrcIPsTrkd: 0 StrgLev: 00000
Attack Detection:
Malformed Packets
PlcRuleName: AttackMalformed-rule
TotDetected: 11 DetCurrPlc: 8
DetCurrInt: 0 Interval: 0
OutBound IPv4 RAW Restrictions
PlcRuleName: AttackOutboundRaw-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
Restricted IPv4 Protocols
PlcRuleName: AttackIPprot-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
Restricted IPv4 Options
PlcRuleName: AttackIPopt-rule
TotDetected: 64 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
ICMP Redirect Restrictions
PlcRuleName: AttackICMPRedirect-rule
TotDetected: 10 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
IP Fragment Restrictions
PlcRuleName: AttackIpFragment-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
UDP Perpetual Echo
PlcRuleName: AttackPerpEcho-rule
TotDetected: 32 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
Floods
PlcRuleName: AttackFlood-rule
TotDetected: 3 DetCurrPlc: 2
DetCurrInt: 0 Interval: 5
Data Hiding
PlcRuleName: AttackDataHiding-rule
TotDetected: 8 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
TCP Queue Size
PlcRuleName: AttackTCPQueSz-rule
TotDetected: 27 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
Global TCP Stall
PlcRuleName: AttackTCPStall-rule
TotDetected: 1 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
EE LDLC Check
PlcRuleName: EEAttack-LDLC
TotDetected: 3 DetCurrPlc: 3
DetCurrInt: 0 Interval: 60
EE Malformed Packet
PlcRuleName: EEAttack-Malformed
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
EE Port Check
PlcRuleName: EE_Attack-Port
TotDetected: 2 DetCurrPlc: 2
DetCurrInt: 0 Interval: 60
EE XID Flood
PlcRuleName: EE_Attack-XID
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
OutBound IPv6 RAW Restrictions
PlcRuleName: AttackOutboundv6Raw-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
Restricted IPv6 Next Headers
PlcRuleName: AttackNextHdr-rule
TotDetected: 30 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
Restricted IPv6 Destination Options
PlcRuleName: AttackDestOpts-rule
TotDetected: 15 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
Restricted IPv6 Hop-by-Hop Options
PlcRuleName: AttackHopOpts-rule
TotDetected: 3 DetCurrPlc: 1
DetCurrInt: 0 Interval: 0
Traffic Regulation:
TCP
ConnRejected: 3 PlcActive: Y
UDP
PckDiscarded: 0 PlcActive: Y
Active Global Conditions:
ServersInConnFlood: 5
TCPStalledConns: 345 TCPStalledConnsPct: 14
Active Interface Floods:
IntfName: ETH1
DiscardCnt: 1828 DiscardRate: 57 Duration: 68
Intrusion Detection Services TCP Port List:
TcpListeningSocket: 0.0.0.0..23
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: ids-rule1
TrPortInst: Y TrCorr: 0 MxApp: 0 MxHst: 3
SynFlood: N ConnFlood: N
TcpListeningSocket: 2001:db8::9:67:115:66..21
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: ids-rule1
TrPortInst: Y TrCorr: 0 MxApp: 1 MxHst: 2
SynFlood: N ConnFlood: N
Intrusion Detection Services UDP Port List:
UdpDestSocket: 9.39.69.147..909
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: *NONE*
TrCorr: 0 Discarded: 0
UdpDestSocket: 2001:db8::9:67:115:78..911
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: *NONE*
TrCorr: 0 Discarded: 0
NETSTAT IDS SUMMARY
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services Summary:
Scan Detection:
GlobRuleName: ScanGlobal-rule
IcmpRuleName: ScanEventIcmp-rule
Icmpv6RuleName: ScanEventIcmpv6-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
SrcIPsTrkd: 0 StrgLev: 00000
Attack Detection:
Malformed Packets
PlcRuleName: AttackMalformed-rule
TotDetected: 11 DetCurrPlc: 8
DetCurrInt: 0 Interval: 0
OutBound IPv4 RAW Restrictions
PlcRuleName: AttackOutboundRaw-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
Restricted IPv4 Protocols
PlcRuleName: AttackIPprot-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
Restricted IPv4 Options
PlcRuleName: AttackIPopt-rule
TotDetected: 64 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
ICMP Redirect Restrictions
PlcRuleName: AttackICMPRedirect-rule
TotDetected: 10 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
IP Fragment Restrictions
PlcRuleName: AttackIpFragment-rule
TotDetected: 4 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
UDP Perpetual Echo
PlcRuleName: AttackPerpEcho-rule
TotDetected: 32 DetCurrPlc: 10
DetCurrInt: 0 Interval: 0
Floods
PlcRuleName: AttackFlood-rule
TotDetected: 3 DetCurrPlc: 2
DetCurrInt: 0 Interval: 5
Data Hiding
PlcRuleName: AttackDataHiding-rule
TotDetected: 8 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
TCP Queue Size
PlcRuleName: AttackTCPQueSz-rule
TotDetected: 27 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
Global TCP Stall
PlcRuleName: AttackTCPStall-rule
TotDetected: 1 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
EE LDLC Check
PlcRuleName: EE_Attack-LDLC
TotDetected: 3 DetCurrPlc: 3
DetCurrInt: 0 Interval: 1
EE Malformed Packet
PlcRuleName: EE_Attack-Malformed
TotDetected: 0 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
EE Port Check
PlcRuleName: EE_Attack-Port
TotDetected: 2 DetCurrPlc: 2
DetCurrInt: 0 Interval: 60
EE XID Flood
PlcRuleName: EE_Attack-XID
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 60
OutBound IPv6 RAW Restrictions
PlcRuleName: AttackOutboundv6Raw-rule
TotDetected: 0 DetCurrPlc: 0
DetCurrInt: 0 Interval: 0
Restricted IPv6 Next Headers
PlcRuleName: AttackNextHdr-rule
TotDetected: 30 DetCurrPlc: 4
DetCurrInt: 0 Interval: 0
Restricted IPv6 Destination Options
PlcRuleName: AttackDestOpts-rule
TotDetected: 15 DetCurrPlc: 2
DetCurrInt: 0 Interval: 0
Restricted IPv6 Hop-by-Hop Options
PlcRuleName: AttackHopOpts-rule
TotDetected: 3 DetCurrPlc: 1
DetCurrInt: 0 Interval: 0
Traffic Regulation:
TCP
ConnRejected: 3 PlcActive: Y
UDP
PckDiscarded: 0 PlcActive: Y
Active Global Conditions:
ServersInConnFlood: 5
TCPStalledConns: 345 TCPStalledConnsPct: 14
Active Interface Floods:
IntfName: ETH1
DiscardCnt: 1828 DiscardRate: 57 Duration: 68
NETSTAT IDS PROTOCOL TCP
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services TCP Port List:
TcpListeningSocket: 0.0.0.0..23
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: ids-rule1
TrPortInst: Y TrCorr: 0 MxApp: 0 MxHst: 3
SynFlood: N ConnFlood: N
TcpListeningSocket: 2001:db8::9:67:115:66..21
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: ids-rule1
TrPortInst: Y TrCorr: 0 MxApp: 1 MxHst: 2
SynFlood: N ConnFlood: N
NETSTAT IDS PROTOCOL UDP
MVS TCP/IP NETSTAT CS V2R1 TCPIP Name: TCPCS 11:51:44
Intrusion Detection Services UDP Port List:
UdpDestSocket: 9.39.69.147..909
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: *NONE*
TrCorr: 0 Discarded: 0
UdpDestSocket: 2001:db8::9:67:115:78..911
ScStat: C ScRuleName: ids-rule7
TrStat: C TrRuleName: *NONE*
TrCorr: 0 Discarded: 0
This section displays the following scan detection information. See Intrusion detection services in z/OS Communications Server: IP Configuration Guide for detailed information about IDS scan support.
This section displays the following information for each attack type. See Intrusion Detection Services in z/OS Communications Server: IP Configuration Guide for detailed information about IDS attack support.
This section displays the following TCP and UDP traffic regulation information. See Intrusion detection services in z/OS Communications Server: IP Configuration Guide for detailed information about IDS traffic regulation support.
Displays the following global state information related to IDS and attack protection.
This section is displayed only if one or more interface floods are in progress. Interface flood discard counts and rates are updated at one-minute intervals.
The following describes the information displayed for the selected PROTOcol. The information is displayed by destination IP address and port, and only for applications that have IDS-related information, for example when a Traffic Regulation or Scan Detection policy is active for the application. For TCP, the data is also shown if the application is currently experiencing a SYN flood.
Indicates if the application is currently experiencing a SYN flood. A server is considered under a SYN flood attack when connection requests are being discarded because the backlog queue is full and cannot be expanded any further.
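For monitoring, the report layout shown in the examples above can be parsed into records and checked for conditions worth an operator's attention. The following is an added example, not IBM code: the names parse_ids_report, findings and RECORD_KEYS are hypothetical, the sample text is constructed in the layout of the reports on this page, and the parser relies only on the "Key: value" structure visible in those reports.

```python
import re

PAIR = re.compile(r"(\w+):\s+(\S+)")   # one "Key: value" pair; several may share a line
RECORD_KEYS = ("TcpListeningSocket", "UdpDestSocket", "IntfName")
# Constructed excerpt in the layout of the reports on this page (not live output).
SAMPLE = """\
Attack Detection:
  Malformed Packets
    PlcRuleName: AttackMalformed-rule
    TotDetected: 11 DetCurrPlc: 8
  Floods
    PlcRuleName: AttackFlood-rule
    TotDetected: 3 DetCurrPlc: 0
Active Interface Floods:
  IntfName: ETH1
    DiscardCnt: 1828 DiscardRate: 57 Duration: 68
Intrusion Detection Services TCP Port List:
  TcpListeningSocket: 0.0.0.0..23
    TrStat: C TrRuleName: ids-rule1
    SynFlood: Y ConnFlood: N
"""

def parse_ids_report(text):
    """Return (section, name, fields) records from NETSTAT IDS report text."""
    records, section, current = [], None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        pairs = PAIR.findall(line)
        if not pairs and line.endswith(":"):          # section header
            section, current = line[:-1], None
            continue
        if not pairs or pairs[0][0] in RECORD_KEYS:   # attack type, socket or interface
            name = pairs.pop(0)[1] if pairs else line
            current = (section, name, {})
            records.append(current)
        elif current is None:                         # fields directly under a section
            current = (section, section, {})
            records.append(current)
        current[2].update(pairs)
    return records

def findings(records):
    """List the conditions to review first: nonzero DetCurrPlc, floods in progress."""
    out = []
    for section, name, f in records:
        if section == "Attack Detection" and int(f.get("DetCurrPlc", 0)) > 0:
            out.append(f"{name}: DetCurrPlc={f['DetCurrPlc']} ({f.get('PlcRuleName')})")
        if section == "Active Interface Floods":
            out.append(f"{name}: interface flood, DiscardCnt={f.get('DiscardCnt')}")
        if "Y" in (f.get("SynFlood"), f.get("ConnFlood")):
            out.append(f"{name}: SynFlood={f.get('SynFlood')} ConnFlood={f.get('ConnFlood')}")
    return out
```

Socket values are kept as printed, so an IPv6 listener such as 2001:db8::9:67:115:66..21 stays a single field despite its embedded colons.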