1-Start the HTTP instance
- Run command
WRKACTJOB SBS(QHTTPSVR) JOB(ESECTCP)
If no jobs are active,
- run command
STRTCPSVR SERVER(*HTTP) HTTPSVR(ESECTCP)
- then run the command
WRKACTJOB SBS(QHTTPSVR) JOB(ESECTCP)
again to make sure that some jobs are active.
2-Get the first page of the ESECTCP tool
In your web browser, enter the following URL:
The following page appears:
Meanings of the radio buttons:
- Level: - This is the level of detail you want to be displayed on the second page of the tool
- Select radio button Summary to display the list of the geographic locations where the rejected clients were located
- Select radio button Detail to display also the IP addresses of the rejected clients
- Servers: - Select the server (FTP, TELNET or BOTH (ftp and telnet together)) you are interested in.
Note. Clicking one of these three radio buttons submits the HTTP request.
3-The second page of the ESECTCP tool
As an example, suppose that you selected Summary and FTP. Then you receive a screen like the following:
Note the blue left arrow in the top left corner: click it to go back to the ESECTCP menu page.
This page contains three legs:
- First leg - List of the geographic locations to which the rejected client IP addresses were found to belong
- Second leg - Number of rejected client IP addresses by country
- Third leg - Graphical representation of the distribution by country of the rejected client IP addresses.
4-The first leg
This leg (see figure 3) lists the geographical locations of the rejected client IP addresses.
For each location, the following is reported:
- Country, region and city
- Number of rejected client IP addresses from this location
- Total number of times - across all of them - they tried to log in to the IBM i server (FTP in this case)
- A radio button that, if clicked, displays the Google map of that location (see Figure 4).
Comments on Figure 3:
- 614 different client IP addresses tried to connect via FTP, but their connection requests were immediately denied by SECTCP (they didn't even have the opportunity to try logging in).
- These 614 IP addresses were found to be distributed across 205 different geographical locations.
- As an example, let us take location number 12 (Canada, Quebec, Montreal). Two of the rejected clients were from this location. Those two clients totalled seven connection attempts, all kicked off by SECTCP.
- If you click the radio button of this location, a map of the Montreal area is displayed, see Figure 4.
|Figure 4 - A location map|
4-Second and third legs
The second leg (see Figure 5) ranks the countries from which the rejected FTP connection attempts came.
As an example, China accounted for 428 rejected client IP addresses, about 70% of the total number of rejected clients.
The third leg (Figure 6) is a pie chart of the country ranks.
|Figure 5 - Countries ranking|
|Figure 6 - Graph of country ranks|
5-The "Detail" level
When, in the menu (Figure 1), you select Detail instead of Summary, you receive a screen similar to the one in Figure 2.
In this case, however, the first leg also lists the rejected IP addresses within each location.
See in Figure 7 the case when you select Detail and Both:
|Figure 7 - First leg when "Detail" level|
The following information is provided at IP address level:
- The TCP server the client tried to connect to: F=FTP, T=TELNET
- The client IP address trying to connect
- The date of the first attempt by this IP address
- The date of the last attempt by this IP address
- The total number of attempts by this IP address
- A radio button to display the location map of this IP address
- A "new" flag when the first attempt was made on the current date.
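The sketch below is an added example, not ESECTCP code: it shows how the Summary legs and the "new" flag can be derived from Detail-level rows like those listed above. The tuple layout, the function names and the sample rows (documentation-range IP addresses) are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample rows; the layout is an assumption, not the tool's file format:
# (server, ip, country, region, city, first_attempt, last_attempt, attempts)
ROWS = [
    ("F", "203.0.113.10", "Canada", "Quebec", "Montreal", date(2024, 5, 1), date(2024, 5, 3), 4),
    ("F", "203.0.113.11", "Canada", "Quebec", "Montreal", date(2024, 5, 3), date(2024, 5, 3), 3),
    ("T", "198.51.100.7", "China", "Beijing", "Beijing", date(2024, 5, 2), date(2024, 5, 3), 9),
    ("F", "198.51.100.7", "China", "Beijing", "Beijing", date(2024, 5, 3), date(2024, 5, 3), 2),
    ("F", "198.51.100.8", "China", "Guangdong", "Shenzhen", date(2024, 4, 30), date(2024, 5, 2), 5),
    ("F", "198.51.100.9", "China", "Guangdong", "Shenzhen", date(2024, 5, 1), date(2024, 5, 1), 1),
]

def select(rows, servers="BOTH"):
    """Filter by the Servers choice: FTP, TELNET or BOTH."""
    wanted = {"FTP": {"F"}, "TELNET": {"T"}, "BOTH": {"F", "T"}}[servers]
    return [r for r in rows if r[0] in wanted]

def first_leg(rows):
    """Per location: (distinct rejected IPs, total attempts across them)."""
    ips, attempts = defaultdict(set), Counter()
    for _srv, ip, country, region, city, _first, _last, n in rows:
        loc = (country, region, city)
        ips[loc].add(ip)          # an IP seen on FTP and TELNET counts once
        attempts[loc] += n
    return {loc: (len(ips[loc]), attempts[loc]) for loc in sorted(ips)}

def second_leg(rows):
    """Country ranking: (country, distinct IPs, share of all rejected IPs in %)."""
    by_country = defaultdict(set)
    for _srv, ip, country, *_rest in rows:
        by_country[country].add(ip)
    total = sum(len(s) for s in by_country.values())
    ranked = sorted(by_country.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    return [(c, len(s), round(100 * len(s) / total, 1)) for c, s in ranked]

def new_flags(rows, today):
    """Detail level: (server, ip) pairs whose first attempt was made today."""
    return sorted((r[0], r[1]) for r in rows if r[5] == today)

if __name__ == "__main__":
    ftp = select(ROWS, "FTP")
    for loc, (n_ips, n_tries) in first_leg(ftp).items():
        print(*loc, n_ips, n_tries)
    print(second_leg(ftp))
    print(new_flags(select(ROWS), date(2024, 5, 3)))
```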
Press this link to run the ESECTCP tool on the easy400.net site. Real data there!