Re: [smartBridges] HELP net traffic and where is it coming from

[Blazen Wireless]

Title: Message

It is 100% up to date with latest patches ;-)   ----- Original Message ----- From: Scott Damron To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 8:53 AM Subject: RE: [smartBridges] HELP net traffic and where is it coming from Have you made sure your WIN2000 box is up to date?  The previous suggestion of running ethereal is about the only way you will truely know where it is coming from.   Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blazen Wireless Sent: Thursday, September 11, 2003 8:42 AM To: [EMAIL PROTECTED] Subject: Re: [smartBridges] HELP net traffic and where is it coming from Well it does not appear to be the mail linux box as much as it is the dns server win 2000 what's strange is I can physically unplug the cable from the box and the outgoing traffic stops yet the incoming is still going??? I unplug the wan and it goes away..   ----- Original Message ----- From: Scott Damron To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 8:30 AM Subject: RE: [smartBridges] HELP net traffic and where is it coming from If you are running an old linux box that you don't have a root password for, that means it is more than likely out of date as far as patches go.  That means it could possibly be "Rooted" and that is not a good thing!!!  There are alot of DNS DDOS attachs out there, I would download ethereal and watch the traffic VERY closely for a couple of hours.   Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blazen Wireless Sent: Thursday, September 11, 2003 8:16 AM To: [EMAIL PROTECTED] Subject: [smartBridges] HELP net traffic and where is it coming from I have Brilan bandwidth control and for kicks I put my servers behind it and just yesterday I noticed that I have a steady 250kbps up and down on my DNS and my mail server I unplug the Lan connection to my T-1 and the problem goes away so I know it is not my wireless customers? I did a sweep and found nor worms on my 2000 machine I do have Linux 6.4 machine that I don't know root so cant run any kind of scan but it appears that it is coming from the WWW? how can I tell what IP or where this is coming from its almost like a DNS??? things are functioning normal but a little slow since this is taking some of the bandwidth?? can or would my ISP (megapath) be able to tell where it is coming from???   I have a strange feeling the WAR has started between me and the competition since they threatened to do something for their 3 customers jumping ship and coming to me because of their poor service!   I have TCP IP Dump but cant really see any thing specific to those IP addresses??   Martin & Steve Blazen Wireless www.blazenwireless.com