• The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
Menu
  • The Four Hundred
  • Subscribe
  • Media Kit
  • Contributors
  • About Us
  • Contact
  • Windows Explorer DOS Attacks On IBM i 7.3

    June 20, 2016 Alex Woodie

    If you have noticed that Windows Explorer seems to be running especially slow when mapped to your IBM i server, you are not alone. Over the past month, there have been several reports of what appear to be limited denial of service (DOS) attacks against servers running IBM i 7.3. This issue stems from a change in protocols for mapped drives that IBM made with the new operating system, but it appears that Microsoft is on the hook for the fix.

    IBM issued a Technote about a month ago to describe the problem and to offer various workarounds. The problem exists in the connection between the Windows Explorer utility in Windows 7 and Windows 10, and the NetServer program in IBM i version 7.3 that lets clients access the IFS file shares via a network drive.

    In its Technote, IBM says: “Microsoft Windows Explorer performs an endless, rapid, refresh of a drive mapped to a NetServer share. This prevents the user from paging through the file list and performing tasks such as rename object, etc.”

    The result of the rapid refreshes is wasting of IBM i resources, which is the definition of a DOS attack. However, it doesn’t appear that the problem is impacting any other aspects of IBM i performance.

    “So far the DOS attack only causes issues with the Windows file explorer sessions,” Rob Berendt, an IBM i administrator for a company in Indiana who has been tracking the problem, wrote on the MIDRANGE-L discussion board. “We’ve not noticed other performance implications.”

    You can tell if your copy of Windows Explorer is impacted “if the arrows on folders are flashing on/off when in Windows Explorer with the mouse cursor in the navigation pane,” IBM says in its Technote.

    The problem is related to a change in the Server Message Block (SMB) protocol that IBM made with the new OS. In previous releases, IBM used SMB1 to connect network drives to Windows clients and provide access to printers, serial ports, etc. With IBM i 7.3, IBM switched to the newer SMB2 protocol for security reasons.

    IBM says there’s nothing wrong with its implementation of SMB2 in its NetServer software. “NetServer is protocol compliant and changes need to be made on the client to avoid wasting resources,” IBM says in its Technote. “Microsoft Windows Explorer is ignoring a STATUS_NOT_SUPPORTED response that is returned to it from the IBM i server on a Change Notify request.”

    It doesn’t appear that this problem is a priority for Microsoft. In an email to IT Jungle, Berendt says the author of IBM’s Technote talked directly to the developers of the SMB2 code at Microsoft. “They admitted they’re not up to spec,” Berendt says. “They have no plans at this time to change.”

    IBM is encouraging other IBM i 7.3 users to come forward if they’re experiencing the problem. IBM is also encouraging IBM i 7.3 users to request that Microsoft fix the problem.

    IT Jungle contacted Microsoft about the apparent problems with the SMB2 implementation and the “change notify” requests. While there was no official response, it appears the two sides may be working together to find a solution.

    In the meantime, IBM offers several workarounds, including:

    • Using IBM System i Navigator instead of Windows Explorer
    • Using a SAMBA client to connect to NetServer shares
    • Modifying the Windows registry to disable “change notify”
    • Using FTP instead of Explorer
    • Using an NFS mount
    • And disabling SMB2 on IBM i

    For more information, see IBM’s Technote at http://www-01.ibm.com/support/docview.wss?uid=nas8N1021348.

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Tags:

    Sponsored by
    Fresche Solutions

    ON-DEMAND SESSION

    Protecting Your IBM i Systems from Ransomware and Other Cyber Threats

    Zero-day attacks and ransomware threats are on the rise and data that resides on IBM i is not immune. Now is the time to learn how to defend it.

    Join Marcel Sarrasin, CPO, Fresche and Pauline Brazil Ayala, VP of Operations, Trinity Guard as they introduce you to TGSuite, the next generation of IBM i security tools and dive into IFS and network security to help you learn how to configure the defenses on your system and guard your valuable data.

    In the session, Pauline and Marcel will discuss:

    • What a secure system looks like in 2022
    • Cybersecurity and auditing, data-level reporting and job activity monitoring
    • Advanced exit point security – knowing and managing who has access to your IBM i
    • Setting up alerts on critical security events as they happen
    • Managing all your LPARs from one centralized web console

    Watch Now!

    Share this:

    • Reddit
    • Facebook
    • LinkedIn
    • Twitter
    • Email

    Sponsored Links

    System i Developer:  RPG & DB2 Summit - October 4-6 2016 in Chicago. Register now!
    COMMON:  Open Source and Systems Management at the COMMON Forum. August 24-25 in Chicago.
    OCEAN:  3 days of inspiration! 2016 IBM i Technical Conference, July 21-23, Costa Mesa, California

    Inline Table Functions In DB2 For i Power Systems GM Weights In On AS/400 Birthday

    Leave a Reply Cancel reply

Volume 26, Number 28 -- June 20, 2016
THIS ISSUE SPONSORED BY:

Profound Logic Software
COMMON
Valence Framework for IBM i
System i Developer
WorksRight Software

Table of Contents

  • The AS/400 At 28: A HENRY, Not A DINK
  • Windows Explorer DOS Attacks On IBM i 7.3
  • Analytical Expectations And Misconceptions Of IBM i
  • As I See It: Rediscovering The Big Fresh
  • Remain Software Pursues 2E Users, Expands Asian Partnerships

Content archive

  • The Four Hundred
  • Four Hundred Stuff
  • Four Hundred Guru

Recent Posts

  • How Committed Is Big Blue To The IBM Cloud?
  • Immutable Copies Are Only As Good As Your Validation
  • Guru: IBM i *USRPRF Security
  • ERP Transitions Loom for SAP on IBM i Customers
  • Inflation Pumps Up Global IT Spending, Supply Chain Deflates It
  • COMMON Set for First Annual Conference in Three Years
  • API Operations Management for Safe, Powerful, and High Performance APIs
  • What’s New in IBM i Services and Networking
  • Four Hundred Monitor, May 18
  • IBM i PTF Guide, Volume 24, Number 20

Subscribe

To get news from IT Jungle sent to your inbox every week, subscribe to our newsletter.

Pages

  • About Us
  • Contact
  • Contributors
  • Four Hundred Monitor
  • IBM i PTF Guide
  • Media Kit
  • Subscribe

Search

Copyright © 2022 IT Jungle

loading Cancel
Post was not sent - check your email addresses!
Email check failed, please try again
Sorry, your blog cannot share posts by email.