Steps for reviewing data on the queue if you are not using IDS
Before you begin, you need to have issued the D TCPIP,,STOR and D Net,CSM,Ownerid=All commands to track storage use.
Depending on your configuration, take the following actions to determine whether data is accumulated on the queue:
If . . . | Then . . . | And take the following actions... |
---|---|---|
TCP QUEUE Size attack detection is not configured to log to syslogd | Issue the Netstat ALL/-A command to determine whether a lot of application data has accumulated on the queues for TCP connections. |
|
TCP QUEUE Size attack detection is configured to log to syslogd | Look in the syslogd output for messages EZZ8621I, EZZ86641I, or EZZ8666I. These messages indicate that excessive or old data is accumulating on the receive, send, or out-of-order queue for a TCP connection. |
|
You can now perform the steps for the decision you have made.