RE: [smartBridges] HELP net traffic and where is it coming from

[Scott Damron]

Title: Message

If you are running an old linux box that you don't have a root password for, that means it is more than likely out of date as far as patches go.  That means it could possibly be "Rooted" and that is not a good thing!!!  There are alot of DNS DDOS attachs out there, I would download ethereal and watch the traffic VERY closely for a couple of hours.   Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blazen Wireless Sent: Thursday, September 11, 2003 8:16 AM To: [EMAIL PROTECTED] Subject: [smartBridges] HELP net traffic and where is it coming from I have Brilan bandwidth control and for kicks I put my servers behind it and just yesterday I noticed that I have a steady 250kbps up and down on my DNS and my mail server I unplug the Lan connection to my T-1 and the problem goes away so I know it is not my wireless customers? I did a sweep and found nor worms on my 2000 machine I do have Linux 6.4 machine that I don't know root so cant run any kind of scan but it appears that it is coming from the WWW? how can I tell what IP or where this is coming from its almost like a DNS??? things are functioning normal but a little slow since this is taking some of the bandwidth?? can or would my ISP (megapath) be able to tell where it is coming from???   I have a strange feeling the WAR has started between me and the competition since they threatened to do something for their 3 customers jumping ship and coming to me because of their poor service!   I have TCP IP Dump but cant really see any thing specific to those IP addresses??   Martin & Steve Blazen Wireless www.blazenwireless.com