7.1.0 z/VM TCPIP SSTRESS DOS Attacks
With the upgrade to z/VM TCP/IP 7.1.0, you may start to see SSTRESS Denial of Service (DOS) attacks being reported to the users in your INFORM list:
* MSG FROM TCPIP : A denial-of-service attack has been detected
In addition, you may start receiving complaints indicating users are no longer able to connect to your TCP/IP servers.
A NETSTAT DOS command may show the following:
netstat dos
VM TCP/IP Netstat Level 710       TCP/IP Server Name: TCPIP

Maximum Number of Half Open Connections: 502
Maximum Number of Persist Connections: 251
Maximum Number of Connections Per Foreign IP Address: 25

Denial of service attacks:
                                                 Attacks   Elapsed      Attack
Attack   IP Address                              Detected  Time         Duration
-------- --------------------------------------- --------- ------------ ------------
SSTRESS  9.60.28.105                             3         0.00:00:14   0.00:00:08
In z/VM 7.1.0, the default value for the FOREIGNIPCONLIMIT statement has been changed from 100% of the TCBPOOLSIZE to 10%. Review this statement closely and determine the appropriate value for your installation. For details on this statement, refer to Chapter 17, "Configuring the TCP/IP server", in the z/VM TCP/IP Planning and Customization manual.
To make a change to this value without having to restart TCP/IP, issue:
NETSTAT OBEY FOREIGNIPCONLIMIT xx
Where xx is 0 (no limit), a whole number or a percentage of the TCBPOOLSIZE.
In order to make the change permanent, add the statement to the TCP/IP config file so the value is also changed when the TCP/IP stack is restarted.
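
A triage helper for the NETSTAT DOS output shown above, as an added example (not IBM code): it extracts the per-foreign-IP connection limit and the SSTRESS rows, then separates sources you already know to be high-volume clients, for which the FOREIGNIPCONLIMIT value may be too low, from unknown ones. The whitespace-separated row layout and the known_busy_hosts inventory are assumptions.

```python
import re

# Constructed sample, modelled on the NETSTAT DOS output shown on this page.
SAMPLE = """\
Maximum Number of Half Open Connections: 502
Maximum Number of Persist Connections: 251
Maximum Number of Connections Per Foreign IP Address: 25

Denial of service attacks:
Attack   IP Address      Detected  Time         Duration
-------- --------------- --------- ------------ ------------
SSTRESS  9.60.28.105     3         0.00:00:14   0.00:00:08
"""

LIMIT_RE = re.compile(
    r"Maximum Number of Connections Per Foreign IP Address:\s*(\d+)")
# Attack name, foreign IP, attacks detected, elapsed time, attack duration.
ROW_RE = re.compile(
    r"^([A-Z][A-Z0-9-]*)\s+([0-9A-Fa-f.:]+)\s+(\d+)\s+(\S+)\s+(\S+)$")


def parse_netstat_dos(text):
    """Return (per-foreign-IP connection limit, list of attack rows)."""
    m = LIMIT_RE.search(text)
    limit = int(m.group(1)) if m else None
    rows = []
    for line in text.splitlines():
        r = ROW_RE.match(line.strip())
        if r:
            attack, ip, detected, elapsed, duration = r.groups()
            rows.append({"attack": attack, "ip": ip, "detected": int(detected),
                         "elapsed": elapsed, "duration": duration})
    return limit, rows


def triage_sstress(text, known_busy_hosts):
    """Split SSTRESS sources into known high-volume clients and unknowns."""
    limit, rows = parse_netstat_dos(text)
    report = {"limit": limit, "known_clients": [], "unknown_sources": []}
    for row in rows:
        if row["attack"] != "SSTRESS":
            continue  # other attack types are out of scope for this check
        key = "known_clients" if row["ip"] in known_busy_hosts else "unknown_sources"
        report[key].append((row["ip"], row["detected"]))
    return report


if __name__ == "__main__":
    # known_busy_hosts is a hypothetical site inventory (proxies, gateways).
    print(triage_sstress(SAMPLE, {"9.60.28.105"}))
```

Entries under known_clients point to a limit that is too tight for legitimate traffic; entries under unknown_sources are the ones to look into before raising it.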