RE: Re: [fw-wiz] Wayyy too many spoofed packets
From: Daniel Linder (dan_linder_at_yahoo.com)
To: Bill@royds.net, 'Chris de Vidal' <firstname.lastname@example.org> Date: Mon, 24 Nov 2003 20:21:32 -0800 (PST)
Can you setup the iptables rules on the other machines to log
broadcasts from your "suspect" server and see if they see it coming in
at the same time too? I would guess that your first server has Samba
running and sending SMB broadcasts to the network, and the iptables is
seeing the traffic. Does the iptables log keep the MAC address? Might
help you track it down.
--- Bill Royds <email@example.com> wrote:
> As Frank said, you machine is sending broadcasts on both interfaces
> Samba. So you see the broadcasts as received as well. It is not
> coming from
> the net but from your machine itself.
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
firewall-wizards mailing list