AMQRMPPA using high CPU due to network scan
sewchan
Posted: Tue Feb 08, 2005 8:15 am    Post subject: AMQRMPPA using high CPU due to network scan

Newbie

Joined: 08 Feb 2005
Posts: 2

We were using Retina network security scanner to scan the network. It is an award-winning security product produced by eEye Digital Security (http://www.eeye.com). The version being used was 5.1.2.1175. eEye have stated that within their product the out-of-the-box scan conducts several "non-intrusive" WebSphere audits.

MQ for iSeries 5.3 runs under OS400 v5r1 and listens on a particular port.

As the scan was being conducted it kicked off many AMQRMPPA tasks using excessive CPU and slowing down throughput on the AS/400 and giving message: AMQ9207:
Message . . . . : The data received from host 'monitor-view (10.xxx.xx.xxx)
is not valid.
Cause . . . . . : Incorrect data format received from host 'monitor-view
(10.xxx.xx.xxx)' over TCP/IP. It may be that an unknown host is attempting to send data. An FFST file has been generated containing the invalid data received.

Question:

How do I lock down this port so that it only listens to messages from a specific IP address??

Or how do I prevent the AS/400 from being affected by this network scan?

Jit
vennela
Posted: Tue Feb 08, 2005 9:01 am

Jedi Knight

Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India

Quote:
How do I lock down this port so that it only listens to messages from a specific IP address??

Maybe BlockIP will help
Search this site for it
fjb_saper
Posted: Tue Feb 08, 2005 12:56 pm

Grand High Poobah

Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY

Why not simply lock out the MQ port from your award winning scanning tool?
SAFraser
Posted: Tue Feb 08, 2005 2:01 pm

Shaman

Joined: 22 Oct 2003
Posts: 742
Location: Austin, Texas, USA

When this happened to me at a previous job, we did just that -- we hollered until the network guys removed 1414 and 1881 from their scanning tool. Their scan of those two ports was not serving any useful purpose and it was giving us many errors we did not need.

Shirley
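
Added example, not part of any post in this thread: a short Python script that tallies AMQ9207 entries per sending host, so the machine behind the invalid-data connections (a scanner, for instance) can be identified and excluded or filtered. The log text is constructed, modelled on the message quoted in the first post; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the AMQ9207 text quoted in the first post.
# Host names and the 192.0.2.x / 198.51.100.x addresses are made up.
SAMPLE_LOG = """\
AMQ9207:
Message . . . . : The data received from host 'scanner-a (192.0.2.10)
is not valid.
Cause . . . . . : Incorrect data format received from host 'scanner-a
(192.0.2.10)' over TCP/IP. It may be that an unknown host is attempting to send data.
AMQ9207:
Message . . . . : The data received from host 'scanner-a (192.0.2.10)' is not valid.
AMQ9207:
Message . . . . : The data received from host 'app-b
(198.51.100.7)' is not valid.
AMQ9207:
Message . . . . : The data received from host 'scanner-a (192.0.2.10)' is not valid.
"""

# Host name, then the address in parentheses. The closing quote is not
# required, because the quoted message wraps before it.
HOST_RE = re.compile(r"from host '([^'()]+?)\s*\(([^)]+)\)")


def count_invalid_data_sources(log_text):
    """Count AMQ9207 entries per (host, address)."""
    counts = Counter()
    # Each chunk after an AMQ9207 marker is treated as one entry.
    for entry in log_text.split("AMQ9207")[1:]:
        flat = " ".join(entry.split())  # undo line wrapping inside the entry
        match = HOST_RE.search(flat)    # first mention only; Cause repeats it
        if match:
            counts[(match.group(1), match.group(2))] += 1
    return counts


def noisy_sources(counts, threshold):
    """Sources with at least `threshold` AMQ9207 entries, busiest first."""
    return [(src, n) for src, n in counts.most_common() if n >= threshold]


if __name__ == "__main__":
    tally = count_invalid_data_sources(SAMPLE_LOG)
    for (host, addr), n in noisy_sources(tally, 2):
        print(f"{host} ({addr}): {n} invalid-data connections")
```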