EZZ8677I z/OS Communications Server: IP Messages Volume 4 (EZZ, SNM) SC27-3657-01
EZZ8677I TRMD ATTACK EE XID timeout flood start: date time dipaddr= dipaddr timeoutthreshold= timeoutthreshold lastsip= lastsip sipcnt= sipcnt correlator= correlator probeid= probeid sensorhostname= sensorhostname

Explanation
An EE XID flood attack was detected by Intrusion Detection Services (IDS). This occurs when the number of EE XID timeouts, documented by message EZZ8675I, received in a one-minute interval is equal to the EEXIDtimeout value. The EEXIDtimeout value is set in the action for the EE_XID_FLOOD IDS policy. If not set, the value is 100 for an active EE_XID_FLOOD IDS policy.

In the message text:

System action
Processing continues.

Operator response
None.

System programmer response
A possible XID flood attack exists for the specified destination IP address. The lastsip and sipcnt values provide information about the source of the XIDs.
- If the last source IP address (lastsip) is a valid partner EE endpoint and sipcnt is greater than one, check for problems at the source.
- If the sipcnt is one, check the syslogd output for EZZ8675I messages that identify previous timeouts to this destination IP address.
- If the source IP address is valid, test the EE connectivity between the two EE endpoints by issuing the DISPLAY NET,EEDIAG,TEST=YES command. See z/OS Communications Server: SNA Operation for details.

User response
Not applicable.

Problem determination
None.

Source
z/OS® Communications Server TCP/IP: TRMD

Module
EZATRMD

Routing code
2, 8

Descriptor code
8, 9

Automation
Not applicable.

Example
Procedure name
WriteLogEntries
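
The following Python is an added example, not part of the IBM documentation: it parses EZZ8677I lines from syslogd output and returns the follow-up steps listed in the system programmer response. The sample log lines, the EZZ8675I line layout, and the `ee_partners` set of valid partner EE endpoints are constructed assumptions; only the EZZ8677I field names come from this page.

```python
import re

# Constructed syslogd lines; only the EZZ8677I field names come from the page.
SAMPLE_LOG = """\
EZZ8675I (constructed text) dipaddr= 192.0.2.10
EZZ8675I (constructed text) dipaddr= 192.0.2.100
EZZ8677I TRMD ATTACK EE XID timeout flood start: 03/03/2014 10:14:40.12 dipaddr= 192.0.2.10 timeoutthreshold= 100 lastsip= 198.51.100.7 sipcnt= 1 correlator= 17 probeid= 00000000 sensorhostname= host.example.com
EZZ8677I TRMD ATTACK EE XID timeout flood start: 03/03/2014 10:20:05.40 dipaddr= 192.0.2.10 timeoutthreshold= 100 lastsip= 203.0.113.9 sipcnt= 4 correlator= 18 probeid= 00000000 sensorhostname= host.example.com
"""

FIELDS = ("dipaddr", "timeoutthreshold", "lastsip", "sipcnt",
          "correlator", "probeid", "sensorhostname")
# Accept "name= value" and "name=value", separated by blanks or commas.
PAIR_RE = re.compile(r"(\w+)=\s*([^\s,]+)")


def mentions(line, addr):
    """True if addr appears as a whole address, so .10 does not match .100."""
    return re.search(r"(?<![\w.:])" + re.escape(addr) + r"(?![\w.:])", line) is not None


def triage(log_text, ee_partners):
    """Return one dict per EZZ8677I line with the follow-up steps from the page."""
    lines = log_text.splitlines()
    reports = []
    for i, line in enumerate(lines):
        if "EZZ8677I" not in line:
            continue
        rec = dict(PAIR_RE.findall(line))
        missing = [f for f in FIELDS if f not in rec]
        if missing or not rec["sipcnt"].isdigit():
            reports.append({"raw": line, "unparsed": missing or ["sipcnt"]})
            continue
        sipcnt = int(rec["sipcnt"])
        known = rec["lastsip"] in ee_partners  # assumption: caller supplies valid partners
        steps = []
        if known and sipcnt > 1:
            steps.append("check for problems at source " + rec["lastsip"])
        if sipcnt == 1:
            steps.append("review earlier EZZ8675I timeouts for " + rec["dipaddr"])
        if known:
            steps.append("test EE connectivity: DISPLAY NET,EEDIAG,TEST=YES")
        # Earlier EZZ8675I lines that name the same destination IP address.
        prior = [l for l in lines[:i] if "EZZ8675I" in l and mentions(l, rec["dipaddr"])]
        reports.append({"dipaddr": rec["dipaddr"], "lastsip": rec["lastsip"], "sipcnt": sipcnt,
                        "known_partner": known, "prior_timeouts": prior, "steps": steps})
    return reports
```
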
Copyright IBM Corporation 1990, 2014