I have an AS400 - 9405/520 that is logging some strange messages in the QSYSOPR message queue. This particular machine is our disaster recovery machine and is not used in a production environment. We have it at an offsite location and we just do daily restores from a backup tape (from the production) to keep it current (within a day). I don't monitor it a whole lot because I am busy and it does not do anything. I do try my best to make sure the restore job happens and I try to verify this daily.
Recently I noticed in the QSYSOPR message queue a lot of messages indicating TCP connections closed. There are really a lot of these in the message queue and I do not recognize the IP addresses. I looked some of them up and they are coming from Pakistan and Islamabad and Turkey etc. I find this odd and don't know if I should be concerned or paranoid or what.
This machine is connected to the network. It has no public IP address and is not a web server or anything like that. We have T1s + MPLS that connect the branches and the only way out is via an Internet connection that is shared across the T1 MPLS.
I am attaching an image file showing some of the messages.
Anyone have some good knowledge of what this all means?