Attack statistics (-A -S) report

This report is displayed when both the -A and -S options are specified on the trmdstat command. It displays the contents of attack statistics records, EZZ8653I. An attack statistics log record contains the number of attacks detected for a specific attack type during a statistics interval. This report takes each attack statistics record and formats it. There is no consolidation or sorting of records.

For some attack types, the attacks number has a specific meaning:
  • Flood - the total number of SYN flood and Interface flood starts that are detected during the interval.
  • XIDFlood - the total number of XID flood starts that are detected during the interval.
  • TCPStall - the number of times a global TCP stall event is detected during the interval.
  • TCPQueSz - the total number of TCP queue size constraints that are detected during the interval.

>trmdstat -AS /tmp/tstlog.log
trmdstat for z/OS CS V2R1  Fri Nov 25 09:19:06 2011

Command Entered     : trmdstat -AS /tmp/tstlog.log
Log Time Interval   : Sep 22 15:08:32  - Nov 29 15:24:28
Stack Time Interval : Sep 22 15:08:22  - Nov 29 19:24:23
TRM Records Scanned : 227

                           ATTACK  Statistics

 Attack           Date and Time               Attacks             Action
--------      ----------------------         ----------         -----------
TCPStall      09/22/2011 15:08:22.06                  0         noresetconn
TCPQueSz      09/22/2011 15:08:22.07                  0         resetconn
TCPStall      09/22/2011 15:18:14.49                  0         resetconn
EELDLCCk      11/12/2011 04:34:02.05                  0         nodiscard
XIDFlood      11/12/2011 04:34:02.05                  1         nodiscard
EEMalfmd      11/12/2011 05:24:52.34                  3         discard
EEPortCk      11/12/2011 05:24:52.34                  1         discard
Redirect      11/12/2011 18:52:16.19                  0         nodiscard
PerpEcho      11/14/2011 16:03:09.07                  1         nodiscard
NextHdrs      11/18/2011 16:04:59.46                  2         discard
NextHdrs      11/18/2011 18:28:20.17                  1         nodiscard
Flood         11/23/2011 14:46:27.18                  7         discard
OutRaw6       11/29/2011 19:24:23.33                  1         discard

The following information describes the areas of the attack statistics report.
Attack
Indicates the attack type. The values that can be displayed are:
  • DataHide - Data hiding
  • DestOpts - Restricted IPv6 destination option
  • EELDLCCk - Enterprise Extender LDLC check
  • EEMalfmd - EE malformed packet
  • EEPortCk - EE source port check
  • Flood - SYN flood and interface flood
  • Fragment - IP Fragment
  • HopOpts - Restricted IPv6 hop-by-hop option
  • IPOption - Restricted IPv4 option
  • IPProto - Restricted IPv4 protocol
  • Malform - Malformed packet
  • NextHdrs - Restricted IPv6 next header
  • OutRaw4 - Outbound IPv4 Raw
  • OutRaw6 - Outbound IPv6 Raw
  • PerpEcho - Perpetual echo
  • Redirect - ICMP redirect
  • TCPQueSz - TCP queue size
  • TCPStall - Global TCP stall
  • XIDFlood - EE XID flood
Date and Time
Indicates the date and time at which the statistics information was gathered by the TCP/IP stack.
Attacks
Indicates the number of attacks recorded.
Action
Indicates the action that is configured for the attack type. The possible action values are:
discard
Indicates that packets associated with an attack are discarded.
nodiscard
Indicates that packets associated with an attack are not discarded.
resetconn
Indicates that connections associated with an attack are reset.
noresetconn
Indicates that connections associated with an attack are not reset.
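
Because the report does no consolidation or sorting, the following added example (not part of the original documentation or of trmdstat) parses saved report output, totals the Attacks column per attack type, and lists intervals where attacks were counted while the configured action was nodiscard or noresetconn. The function names are hypothetical, and the sample text is constructed from rows of the report shown above.

```python
import re
from collections import defaultdict

# Constructed sample: header plus a subset of rows from the report shown above.
SAMPLE_REPORT = """\
 Attack           Date and Time               Attacks             Action
--------      ----------------------         ----------         -----------
TCPStall      09/22/2011 15:08:22.06                  0         noresetconn
XIDFlood      11/12/2011 04:34:02.05                  1         nodiscard
EEMalfmd      11/12/2011 05:24:52.34                  3         discard
NextHdrs      11/18/2011 16:04:59.46                  2         discard
NextHdrs      11/18/2011 18:28:20.17                  1         nodiscard
Flood         11/23/2011 14:46:27.18                  7         discard
"""

# One data row: attack type, MM/DD/YYYY, HH:MM:SS.hh, attack count, action.
ROW = re.compile(
    r"^\s*(?P<attack>[A-Za-z0-9]+)\s+"
    r"(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2}:\d{2}\.\d{2})\s+"
    r"(?P<attacks>\d+)\s+(?P<action>discard|nodiscard|resetconn|noresetconn)\s*$"
)
NOT_BLOCKING = {"nodiscard", "noresetconn"}

def parse_rows(text):
    """Return one dict per statistics row; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["attacks"] = int(row["attacks"])
            rows.append(row)
    return rows

def totals_by_type(rows):
    """Sum the Attacks column per attack type across all intervals."""
    totals = defaultdict(int)
    for row in rows:
        totals[row["attack"]] += row["attacks"]
    return dict(totals)

def unblocked_detections(rows):
    """Intervals with attacks counted but an action that neither discards nor resets."""
    return [r for r in rows if r["attacks"] > 0 and r["action"] in NOT_BLOCKING]

if __name__ == "__main__":
    rows = parse_rows(SAMPLE_REPORT)
    print(totals_by_type(rows))
    print(unblocked_detections(rows))
```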