Oh do you have any information ? nothing ? scary stuff hamm.. come-on you must have something.. even normal tcpdump -n will give you some kind of a picture
from your public DMZ server what kind of service world or you get, give us some more details, config etc I am sure you have holls in your firewall rules else you are running Windows Box as your DMZ server while all the ports open heh.. Please give us more information Upnet Joe ----- Original Message ----- From: "Greg Ford" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 18, 2002 6:38 AM Subject: [Leaf-user] Under attack > Hi > > I'm running Dachstein 1.02. With a public IP DMZ plus some masqueraded > workstations. > We are connected via a shared 10/100 link to our ISP. > > Recently we've come under attack, but I can't figure out where or what by. > > The first I noticed was very high internet use reported by our ISP. > 100 times our normal traffic. > > What's my best solution for tracing this traffic, > I have run tried iptraf and snort, > but I don't seem to be getting the data in a useful format. > > What I think I need is to find out: > how much traffic is my firewall receiving (on the external port) > how much is being transmitted > which internal machines receive the most traffic, how much traffic is that > > Thanks in advance > > Greg Ford > > > > > _______________________________________________ > Leaf-user mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
