RE: DNS calls....
Thank you all for the assistance. Helped a lot and I learned a lot :))

Best regards
Jersey

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: DNS calls....
Hello Jeremy,

Thank you for the response. I am sorry for brief description of the problem. There is no diald installed, the system runs straight forward isdnutils. Something keeps the line up. Every few minutes there is a call to a broadcast address and port 138, or a call to a DNS server :(. There is no broadcast specified in network configuration for ippp0 (my ISDN interface). I would like to be able to see who initiates those calls.

Best regards
Jersey

-----Original Message-----
From: Jeremy C. Reed [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, May 02, 2001 7:16 PM
To: Jerzy Miszczyk
Cc: 'debian-isp@lists.debian.org'
Subject: Re: DNS calls

On Wed, 2 May 2001, Jerzy Miszczyk wrote:

> I am using debian box with 2.2 basic installation, working as an ISDN gateway. How can I check which process or daemon frequently initiates the line with DNS call? I am getting grey hair partially because of the bill :(((.

I am not sure if I understand this. Are you saying that your ISDN connection is only up (dials out) when connected by some diald (or other daemon)? And that it connects when you don't want it to?

Use ps aux to see what daemons are running. Maybe disable diald (or whatever dials up) and just connect manually instead.

Look at all your crontabs -- can you correlate some process with the same time that it dials up?

How often does it try to connect? (What times?)

Jeremy C. Reed
http://www.isp-faq.com/
Re: DNS calls....
On Thu, May 03, 2001 at 08:22:45AM -, Jerzy Miszczyk wrote:
> Hello Jeremy, Thank you for the response. I am sorry for brief description of the problem. There is no diald installed, the system runs straight forward isdnutils. Something keeps the line up. Every few minutes there is a call to a broadcast address and port 138, or a call to a DNS server :(. There is no broadcast specified in

Port 138 is the netbios datagram service - I.e. Samba or windows sharing. Have you got samba running? Or a windows machine on the network? If so, you probably want to change your diald config to ignore stuff on port 138 (i.e. don't bother bringing up the line because of it) - or even better use ipchains to block it from going out in the first place.

> network configuration for ippp0 (my ISDN interface). I would like to be able to see who initiates those calls.
>
> Best regards
> Jersey

snip

--
*DISCLAIMER* I do not know exactly what I'm talking about. Large grains of salt recommended to aid in digestion.
Re: DNS calls....
Jerzy Miszczyk wrote:
> Hello Jeremy, Thank you for the response. I am sorry for brief description of the problem. There is no diald installed, the system runs straight forward isdnutils. Something keeps the line up. Every few minutes there is a call to a broadcast address and port 138, or a call to a DNS server :(. There is no broadcast specified in network configuration for ippp0 (my ISDN interface). I would like to be able to see who initiates those calls.

Is this a situation where your system is acting as DNS server for a network, and it is good enough to find the IP address of the offender? In that case, you could just make your bind do logging. Change your /etc/init.d/bind:

    start-stop-daemon --start --quiet --exec /usr/sbin/named -- -d 4
    #start-stop-daemon --start --quiet --exec /usr/sbin/named

Then look for the log in /var/cache/bind/named.run.
Re: DNS calls....
On Thu, May 03, 2001 at 08:22:45AM -, Jerzy Miszczyk wrote:
> I am sorry for brief description of the problem. There is no diald installed, the system runs straight forward isdnutils. Something keeps the line up. Every few minutes there is a call to a broadcast address and port 138,

that's probably samba. use ipchains to block ports 137-139 (both inbound and outbound) on your ippp0 interface. you'll want to do that for security reasons, anyway.

> or a call to a DNS server :(.

you can't do the same for dns requests, because that would block DNS when the line was up. what you can do is write a script which adds a block rule for port 53, and run that when you take the line down. and another script which removes that block rule and run that when you want the line to come up.

another alternative is to disable auto dialing in isdn. edit /etc/isdn/device.ippp0 and change:

    DIALMODE=auto

to

    DIALMODE=off

then run

    isdnctrl dial ippp0

when you want to dial out and

    isdnctrl hangup ippp0

to hang up.

alternatively, just run

    /etc/init.d/isdnutils stop

to kill the isdn connection and

    /etc/init.d/isdnutils start

to bring it up again.

if you need to allow non-root users to bring the isdn line up or down, you could write a sudo wrapper for either of these alternatives.

craig

--
craig sanders [EMAIL PROTECTED]

GnuPG Key: 1024D/CD5626F0
Key fingerprint: 9674 7EE2 4AC6 F5EF 3C57 52C3 EC32 6810 CD56 26F0
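The two kinds of block rule described in the message above (permanent for ports 137-139, toggled with the line for port 53), sketched as one script. This is an added example, not part of the original thread and not craig's code; the script name isdn-line, the function names and the DRY_RUN switch are assumptions made here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes ipchains (Linux 2.2 kernels),
# ISDN interface ippp0, and a hypothetical script name "isdn-line".
# DRY_RUN=1 (default) prints each command; DRY_RUN=0 executes it as root.
IFACE=${IFACE:-ippp0}
IPCHAINS=${IPCHAINS:-/sbin/ipchains}
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Permanent rules: NetBIOS (137-139) never crosses the ISDN interface,
# so Samba/Windows broadcasts cannot dial out or come in over the line.
netbios_rules() {
    for chain in input output; do
        for proto in tcp udp; do
            run "$IPCHAINS" -A "$chain" -i "$IFACE" -p "$proto" \
                -d 0.0.0.0/0 137:139 -j DENY
        done
    done
}

# DNS rule, inserted or deleted depending on "$@" (-I output 1 / -D output).
# The output chain sees local and forwarded packets leaving via $IFACE.
dns_rule() {
    for proto in tcp udp; do
        run "$IPCHAINS" "$@" -i "$IFACE" -p "$proto" -d 0.0.0.0/0 53 -j DENY
    done
}

# Block DNS first so no lookup can redial between hangup and the rule.
line_down() {
    dns_rule -I output 1
    run isdnctrl hangup "$IFACE"
}

# Remove the block before dialling, otherwise lookups fail on a live line.
line_up() {
    dns_rule -D output
    run isdnctrl dial "$IFACE"
}

case "${1:-}" in
    init) netbios_rules ;;
    down) line_down ;;
    up)   line_up ;;
    *)    echo "usage: isdn-line init|down|up" >&2 ;;
esac
```

Review the printed commands first, then rerun with DRY_RUN=0 as root; `init` belongs in the boot sequence, `down` and `up` replace calling isdnctrl by hand.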
Re: DNS calls....
On Wed, 2 May 2001, Jerzy Miszczyk wrote:

> I am using debian box with 2.2 basic installation, working as an ISDN gateway. How can I check which process or daemon frequently initiates the line with DNS call? I am getting grey hair partially because of the bill :(((.

I am not sure if I understand this. Are you saying that your ISDN connection is only up (dials out) when connected by some diald (or other daemon)? And that it connects when you don't want it to?

Use ps aux to see what daemons are running. Maybe disable diald (or whatever dials up) and just connect manually instead.

Look at all your crontabs -- can you correlate some process with the same time that it dials up?

How often does it try to connect? (What times?)

Jeremy C. Reed
http://www.isp-faq.com/
Re: DNS calls....
Jeremy C. Reed writes:
> On Wed, 2 May 2001, Jerzy Miszczyk wrote:
>
> > I am using debian box with 2.2 basic installation, working as an ISDN gateway. How can I check which process or daemon frequently initiates the line with DNS call? I am getting grey hair partially because of the bill :(((.
>
> I am not sure if I understand this. Are you saying that your ISDN connection is only up (dials out) when connected by some diald (or other daemon)? And that it connects when you don't want it to?
>
> Use ps aux to see what daemons are running. Maybe disable diald (or whatever dials up) and just connect manually instead.
>
> Look at all your crontabs -- can you correlate some process with the same time that it dials up?
>
> How often does it try to connect? (What times?)
>
> Jeremy C. Reed
> http://www.isp-faq.com/

He means DNS lookups for DNS calls. Am I right? If so you must look at your bind conf. (Headache for sure.)

Cheers.

--
Felipe Alvarez Harnecker. QlSoftware.
Tels. 665.99.41 - 09.874.60.17
e-mail: [EMAIL PROTECTED]
http://qlsoft.cl/ http://ql.cl/