No, like I reported earlier, it was coming from the outside in from that
specific IP address. My partner went and yelled at that ISP and GEE the
problem stopped. They claimed we were attacking the<< HMM funny how it
shows the complete opposite..


----- Original Message ----- 
From: "Leonel Garcia Rosas" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, September 11, 2003 10:38 AM
Subject: Re: [smartBridges] HELP net traffic and where is it coming from


In that case, I will use iptraf on the Linux box.
It's a very good utility that can monitor every packet in/out of the machine.
Do you have the Linux box as a firewall?
WAN----Router----eth0 Linux eth1----Your LAN/Wireless
That's the ideal configuration; Linux can help a lot with monitoring/securing
your LAN.
When you find where the traffic is coming from, you can ask your ISP to
block that IP range
and stop it eating your bandwidth.

One cause: remember Blaster, machines with that virus scan IPs randomly.
Maybe some of your clients have the virus and are scanning IPs outside
of your network.

Other possible cause:
some of your customers are downloading from a P2P application
(Kazaaaaaaaaaaaaa).
When you disconnect the WAN, all the traffic stops, that's normal, so
you cannot
rely on this to discard the fact that the traffic is from/to some of
your customers.

-- 
---
Leonel Garcia Rosas
PREGA Sistemas
Puebla 421 Nte. Cd. Obregon, Sonora
Tel.- (644) 415-3394



Blazen Wireless wrote:

> question how do you set up the filter?? it asks for a name I made it
> test but it also wants a filter string?? do I put anything in for that?
>
> Thanks please contact me off line if needed so as not to tie up
> resources here on the forum
>
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
>
>     ----- Original Message -----
>     From: Scott Damron <mailto:[EMAIL PROTECTED]>
>     To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>     Sent: Thursday, September 11, 2003 8:53 AM
>     Subject: RE: [smartBridges] HELP net traffic and where is it
>     coming from
>
>     Have you made sure your WIN2000 box is up to date?  The previous
>     suggestion of running ethereal is about the only way you will
>     truly know where it is coming from.
>
>     Scott
>
>         -----Original Message-----
>         From: [EMAIL PROTECTED]
>         <mailto:[EMAIL PROTECTED]>
>         [mailto:[EMAIL PROTECTED] On Behalf Of Blazen
>         Wireless
>         Sent: Thursday, September 11, 2003 8:42 AM
>         To: [EMAIL PROTECTED]
>         Subject: Re: [smartBridges] HELP net traffic and where is it
>         coming from
>
>         Well it does not appear to be the mail linux box as much as it
>         is the dns server win 2000 what's strange is I can physically
>         unplug the cable from the box and the outgoing traffic stops
>         yet the incoming is still going??? I unplug the wan and it
>         goes away..
>
>
>             ----- Original Message -----
>             From: Scott Damron <mailto:[EMAIL PROTECTED]>
>             To: [EMAIL PROTECTED]
>             <mailto:[EMAIL PROTECTED]>
>             Sent: Thursday, September 11, 2003 8:30 AM
>             Subject: RE: [smartBridges] HELP net traffic and where is
>             it coming from
>
>             If you are running an old linux box that you don't have a
>             root password for, that means it is more than likely out
>             of date as far as patches go.  That means it could
>             possibly be "Rooted" and that is not a good thing!!!
>             There are a lot of DNS DDOS attacks out there, I would
>             download ethereal and watch the traffic VERY closely for a
>             couple of hours.
>
>             Scott
>
>                 -----Original Message-----
>                 From: [EMAIL PROTECTED]
>                 [mailto:[EMAIL PROTECTED] On Behalf Of
>                 Blazen Wireless
>                 Sent: Thursday, September 11, 2003 8:16 AM
>                 To: [EMAIL PROTECTED]
>                 Subject: [smartBridges] HELP net traffic and where is
>                 it coming from
>
>                 I have Brilan bandwidth control and for kicks I put my
>                 servers behind it and just yesterday I noticed that I
>                 have a steady 250kbps up and down on my DNS and my
>                 mail server I unplug the Lan connection to my T-1 and
>                 the problem goes away so I know it is not my wireless
>                 customers? I did a sweep and found no worms on my
>                 2000 machine I do have Linux 6.4 machine that I don't
>                 know root so can't run any kind of scan but it appears
>                 that it is coming from the WWW? how can I tell what IP
>                 or where this is coming from its almost like a DNS???
>                 things are functioning normal but a little slow since
>                 this is taking some of the bandwidth?? can or would my
>                 ISP (megapath) be able to tell where it is coming from???
>
>                 I have a strange feeling the WAR has started between
>                 me and the competition since they threatened to do
>                 something for their 3 customers jumping ship and
>                 coming to me because of their poor service!
>
>                 I have TCP IP Dump but can't really see any thing
>                 specific to those IP addresses??
>
>                 Martin & Steve
>                 Blazen Wireless
>
>                 www.blazenwireless.com <http://www.blazenwireless.com>
>
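
Added example, not part of the original thread: the question running through it is which remote address accounts for the traffic and in which direction it flows, and that can be answered offline from a text capture. The sketch assumes lines in the style of `tcpdump -nn -q` output and a local prefix of 192.0.2.0/24; the sample lines and the names `SAMPLE`, `LINE` and `top_talkers` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -nn -q` text output
# (documentation addresses only; not data from the thread).
SAMPLE = """\
10:38:01.000001 IP 203.0.113.45.4021 > 192.0.2.10.53: UDP, length 512
10:38:01.000102 IP 203.0.113.45.4022 > 192.0.2.10.53: UDP, length 512
10:38:01.000350 IP 192.0.2.10.53 > 203.0.113.45.4021: UDP, length 60
10:38:01.100000 IP 198.51.100.7.33211 > 192.0.2.11.25: tcp 1448
10:38:01.100400 IP 192.0.2.11.25 > 198.51.100.7.33211: tcp 0
10:38:01.200000 IP 203.0.113.45.4023 > 192.0.2.10.53: UDP, length 512
10:38:01.300000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

# Source and destination IPv4 address (port stripped) plus the payload size.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r".*?(?:length |tcp )(\d+)"
)


def top_talkers(lines, local_net):
    """Return [(remote_ip, bytes_in, bytes_out)], largest total first.

    bytes_in is payload sent by the remote host to local_net, bytes_out is
    payload sent from local_net to it. Sizes are payload lengths as printed
    by the capture tool, not bytes on the wire.
    """
    net = ipaddress.ip_network(local_net)
    totals = defaultdict(lambda: [0, 0])  # remote -> [bytes_in, bytes_out]
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # ARP and other non-IPv4 lines
        try:
            src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])
        except ValueError:
            continue  # malformed address in a damaged line
        size = int(m[3])
        if dst in net and src not in net:
            totals[str(src)][0] += size
        elif src in net and dst not in net:
            totals[str(dst)][1] += size
    ranked = sorted(totals.items(), key=lambda kv: -(kv[1][0] + kv[1][1]))
    return [(ip, b_in, b_out) for ip, (b_in, b_out) in ranked]


if __name__ == "__main__":
    for ip, b_in, b_out in top_talkers(SAMPLE.splitlines(), "192.0.2.0/24"):
        print(f"{ip:15} in={b_in:6} out={b_out:6}")
```

A remote address with a large inbound total and little outbound is the pattern to take to the upstream ISP, since the per-direction totals show which side originated the traffic.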


----------ANNOUNCEMENT----------
Don't forget to register for WISPCON IV
http://www.wispcon.info/us/wispcon-iv/wispcon-iv.htm

The PART-15.ORG smartBridges Discussion List
To Join: mailto:[EMAIL PROTECTED] (in the body type subscribe
smartBridges <yournickname>
To Remove: mailto:[EMAIL PROTECTED] (in the body type unsubscribe
smartBridges)
Archives: http://archives.part-15.org

