ESECTCP  
How to

1-Start the HTTP instance

  • Run command
    WRKACTJOB SBS(QHTTPSVR) JOB(ESECTCP)
    If no jobs are active,
    • run command
      STRTCPSVR SERVER(*HTTP) HTTPSVR(ESECTCP)
    • then run command
      WRKACTJOB SBS(QHTTPSVR) JOB(ESECTCP)
      again to make sure that some jobs are active.

2-Get the first page of the ESECTCP tool

In your web browser, enter the following URL:
http://IBM-i_tcp_address:8020/sectcpe
The following page appears:
Figure 1 - ESECTCP menu
Meanings of the radio buttons:
  1. Level - The level of detail you want displayed on the second page of the tool
    • Select radio button Summary to display the list of the geographic locations where the rejected clients were located
    • Select radio button Detail to also display the IP addresses of the rejected clients
  2. Servers - Select the server (FTP, TELNET or BOTH (FTP and TELNET together)) you are interested in.
    Note. Clicking one of these three radio buttons submits the HTTP request.

3-The second page of the ESECTCP tool

As an example, suppose that you selected Summary and FTP. You then receive a screen like the following:
Figure 2 - FTP summary
This page contains three legs:
  • First leg - List of the geographic locations to which the rejected client IP addresses were found to belong
  • Second leg - Number of rejected client IP addresses by country
  • Third leg - Graphical representation of the distribution by country of the rejected client IP addresses.
Note the blue left arrow in the top left corner: click it to go back to the ESECTCP menu page.

4-The first leg

This leg (see figure 3) lists the geographical locations of the rejected client IP addresses.
For each location, the following is reported:
  • Country, region and city
  • Number of rejected client IP addresses from this location
  • Total number of times these addresses, taken together, tried to log in to the IBM i server (FTP in this case)
  • A radio button that, if clicked, displays the Google map of that location (see figure 4).
Figure 3 - Location list
Comments on Figure 3:
  • 614 different client IP addresses tried to connect via FTP, but their connection requests were immediately denied by SECTCP (they didn't even have the opportunity to try logging in).
  • These 614 IP addresses were found to be distributed across 205 different geographical locations.
  • As an example, let us take location number 12 (Canada, Quebec, Montreal). Two of the rejected clients were from this location. Those two clients totalled seven connection attempts, all rejected by SECTCP.
  • If you click the radio button of this location, a map of the Montreal area is displayed, see Figure 4.
Figure 4 - A location map

4-Second and third legs

The second leg (see Figure 5) ranks the countries from which the rejected FTP clients came. As an example, China scored 428 rejected client IP addresses, about 70% of the total number of rejected clients.
Figure 5 - Countries ranking
Figure 6 - Graph of country ranks
The third leg (Figure 6) is a pie chart of the country ranks.

5-The "Detail" level

When, in the menu (Figure 1), you select Detail instead of Summary, you receive a screen similar to the one in Figure 2. In this case, however, the first leg also lists the rejected IP addresses within each location.
Figure 7 shows the case where you select Detail and Both:
Figure 7 - First leg when "Detail" level
The following information is provided at IP address level:
1. The TCP server the client tried to connect to: F=FTP, T=TELNET
2. The client IP address trying to connect
3. The date of the first attempt by this IP address
4. The date of the last attempt by this IP address
5. The total number of attempts by this IP address
6. A radio button to display the location map of this IP address
7. A "new" flag when the first attempt was on the current date.
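
The per-address fields of the Detail level and the counts shown in the first and second legs can be reproduced from a list of rejection events. The following is an added example, not ESECTCP's own code: the event tuples, addresses (documentation ranges) and function names are constructed for illustration, and the location of each address is assumed to be already resolved.

```python
from collections import defaultdict
from datetime import date

# Constructed sample: (server, client_ip, attempt_date, country, region, city).
# Assumption: each address has already been mapped to a location.
EVENTS = [
    ("F", "192.0.2.10", date(2024, 5, 1), "Canada", "Quebec", "Montreal"),
    ("F", "192.0.2.10", date(2024, 5, 3), "Canada", "Quebec", "Montreal"),
    ("T", "192.0.2.77", date(2024, 5, 3), "Canada", "Quebec", "Montreal"),
    ("F", "198.51.100.4", date(2024, 5, 2), "China", "Beijing", "Beijing"),
    ("F", "198.51.100.4", date(2024, 5, 2), "China", "Beijing", "Beijing"),
    ("T", "198.51.100.8", date(2024, 5, 1), "China", "Beijing", "Beijing"),
    ("F", "203.0.113.9", date(2024, 5, 3), "China", "Guangdong", "Shenzhen"),
]

def detail(events, today, servers=("F", "T")):
    """Detail level: per (server, IP) first date, last date, attempts, new flag."""
    rows = {}
    for server, ip, day, *loc in events:
        if server not in servers:  # FTP only, TELNET only, or both
            continue
        r = rows.setdefault((server, ip),
                            {"first": day, "last": day, "attempts": 0, "loc": tuple(loc)})
        r["first"], r["last"] = min(r["first"], day), max(r["last"], day)
        r["attempts"] += 1
    for r in rows.values():
        r["new"] = r["first"] == today  # first attempt seen on the current date
    return rows

def by_location(rows):
    """First leg: per location, (distinct rejected IPs, total attempts)."""
    out = defaultdict(lambda: {"ips": set(), "attempts": 0})
    for (_, ip), r in rows.items():
        out[r["loc"]]["ips"].add(ip)
        out[r["loc"]]["attempts"] += r["attempts"]
    return {loc: (len(v["ips"]), v["attempts"]) for loc, v in out.items()}

def country_rank(rows):
    """Second leg: (country, distinct rejected IPs, share in %), highest first."""
    ips = defaultdict(set)
    for (_, ip), r in rows.items():
        ips[r["loc"][0]].add(ip)
    total = sum(len(s) for s in ips.values())
    ranked = sorted(ips.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(c, len(s), round(100 * len(s) / total)) for c, s in ranked]

if __name__ == "__main__":
    rows = detail(EVENTS, today=date(2024, 5, 3))
    print(by_location(rows), country_rank(rows))
```

Note that the location count is of distinct addresses, while the attempt total sums every rejected connection from those addresses, which is why the two figures differ for Montreal in Figure 3.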

6-Live demo

Press this link to run the ESECTCP tool on the easy400.net site. Real data there!