RE: Re: [fw-wiz] Wayyy too many spoofed packets

From: Daniel Linder (dan_linder_at_yahoo.com)
Date: 11/25/03

  • Next message: Chris de Vidal: "RE: Re: [fw-wiz] Wayyy too many spoofed packets"
    To: Bill@royds.net, 'Chris de Vidal' <chris@devidal.tv>
    Date: Mon, 24 Nov 2003 20:21:32 -0800 (PST)
    
    

    Can you set up the iptables rules on the other machines to log
    broadcasts from your "suspect" server and see if they see it coming in
    at the same time too? I would guess that your first server has Samba
    running and sending SMB broadcasts to the network, and the iptables is
    seeing the traffic. Does the iptables log keep the MAC address? Might
    help you track it down.

    Dan

    --- Bill Royds <broyds@rogers.com> wrote:
    > As Frank said, your machine is sending broadcasts on both interfaces for
    > Samba. So you see the broadcasts as received as well. It is not coming from
    > the net but from your machine itself.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
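
The cross-check suggested in the message above, as an added example that is not part of the original thread: parse iptables LOG lines collected on the other machines, keep the broadcasts that claim the suspect server's IP, and compare timestamps and source MAC addresses. The host names, the `BCAST:` log prefix, the addresses and the log lines are constructed, and exact timestamp matching assumes the hosts' clocks are in sync.

```python
import re
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

# Constructed sample lines in the kernel's iptables LOG format (not from the thread).
# On Ethernet, MAC= holds 14 bytes: destination MAC, source MAC, EtherType.
SAMPLE_LOGS = {
    "hostB": [
        "Nov 24 20:15:01 hostB kernel: BCAST: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:aa:bb:cc:08:00 SRC=192.168.1.10 DST=192.168.1.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137 LEN=58",
        "Nov 24 20:15:03 hostB kernel: BCAST: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:aa:bb:cc:08:00 SRC=192.168.1.10 DST=192.168.1.255 LEN=229 TTL=64 PROTO=UDP SPT=138 DPT=138 LEN=209",
    ],
    "hostC": [
        "Nov 24 20:15:01 hostC kernel: BCAST: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:aa:bb:cc:08:00 SRC=192.168.1.10 DST=192.168.1.255 LEN=78 TTL=64 PROTO=UDP SPT=137 DPT=137 LEN=58",
        "Nov 24 20:15:02 hostC kernel: BCAST: IN=eth0 OUT= MAC=02:00:00:11:22:33:02:00:00:dd:ee:ff:08:00 SRC=192.168.1.20 DST=192.168.1.30 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=22",
        "Nov 24 20:15:03 hostC kernel: BCAST: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:02:00:00:aa:bb:cc:08:00 SRC=192.168.1.10 DST=192.168.1.255 LEN=229 TTL=64 PROTO=UDP SPT=138 DPT=138 LEN=209",
    ],
}

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) .*?\bMAC=(?P<mac>[0-9a-f:]{41}) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?\bPROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?", re.I)

def parse_line(line):
    """Return timestamp, MACs, IPs and destination port, or None if not a LOG line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    octets = m["mac"].lower().split(":")
    return {"ts": m["ts"], "dst_mac": ":".join(octets[:6]),
            "src_mac": ":".join(octets[6:12]), "src": m["src"],
            "dst": m["dst"], "dpt": m["dpt"]}

def correlate(logs, suspect_ip):
    """Map (timestamp, dest port) -> {host: source MAC} for broadcasts claiming suspect_ip."""
    seen = defaultdict(dict)
    for host, lines in logs.items():
        for line in lines:
            p = parse_line(line)
            if p and p["src"] == suspect_ip and p["dst_mac"] == BROADCAST:
                seen[(p["ts"], p["dpt"])][host] = p["src_mac"]
    return dict(seen)

def source_macs(seen):
    """All source MACs observed; more than one for a single IP deserves a closer look."""
    return {mac for hosts in seen.values() for mac in hosts.values()}

if __name__ == "__main__":
    for key, hosts in sorted(correlate(SAMPLE_LOGS, "192.168.1.10").items()):
        print(key, hosts)
```
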

