Bonjour,
Par hasard j'ai jeté un oeil sur la msgq Qsysopr et ai vu ceci :
ID message . . . . . . : TCP2617
Date d'envoi . . . . . : 09/04/11 Heure d'envoi . . . . : 18:15:44
Message . . . . : TCP/IP connection to remote system 64.95.64.197 closed,
reason code 2.
Cause . . . . . : The TCP/IP connection to remote system 64.95.64.197 has
been closed. The connection was closed for reason code 2. Full connection
details for the closed connection include:
- local IP address is 192.168.1.110
- local port is 5007
- remote IP address is 64.95.64.197
- remote port is 389
Reason codes and their meanings follow:
1 = TCP connection closed due to expiration of 10 minute Close Wait timer.
2 = TCP connection closed due to R2 retry threshold being run.
3 = TCP connection closed due to keepalive timeout.
If TCPCNNMSG(*THRESHOLD) is defined for the Change TCP/IP Attributes (CHGTCPA)
command then there could be additional connections that have closed within
the threshold window. The number of additional TCP connections that have
closed is 0.
Recovery . . . : Informational message.
L'adresse IP m'a surpris car mon reseau, constitué d'une Livebox 192.168.1.1 connectée à un switch et les ordis du reseau sont en 192.168.1.x
j'ai regardé qui était cette adresse ip et vu ceci :
64.95.64.197 IP address location & more:
IP address [?]: 64.95.64.197 [Whois] [Reverse IP]
IP country code: US
IP address country: United States
IP address state: Massachusetts
IP address city: Salem
IP postcode: 01970
IP address latitude: 42.5153
IP address longitude: -70.9075
ISP of this IP [?]: Internap Network Services Corporation
Organization: Internap Network Services Corporation
Host of this IP: [?]: lander.activeaudience.com [Whois] [Trace]
Local time in United States: 2011-04-09 12:39
La variable QSECURITY est a 40.
Dois je fermer les ports 5007 et 5006 (meme alerte dessus) ?
L'Iseries a t il bien reagit ? dois-je renforce la sécurité a un niveau quelconque ?
merci d'avance,
Hermelin
ps : le temps d'ecrire le message et il y avait un nouveau message cette fois sur le port 5008...
Partager