RE: Re: [fw-wiz] Wayyy too many spoofed packets

From: Chris de Vidal (chris_at_devidal.tv)
Date: 11/25/03

  • Next message: Wes Noonan: "[fw-wiz] Problem with TCP 1433, conduits and ACLs..."
    To: "Daniel Linder" <dan_linder@yahoo.com>
    Date: Tue, 25 Nov 2003 00:03:43 -0500 (EST)
    
    

    Daniel Linder said:
    > Can you setup the iptables rules on the other machines to log
    > broadcasts from your "suspect" server and see if they see it coming in
    > at the same time too? I would guess that your first server has Samba
    > running and sending SMB broadcasts to the network, and the iptables is
    > seeing the traffic. Does the iptables log keep the MAC address? Might
    > help you track it down.

    Good ideas. Nope, it does not show the MAC.

    I suspect I'll have to wait 'til after Thanksgiving to work on this.. I
    hoped to backend two PCs with a crossover and see what I see.

    Thanks!
    /dev/idal
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Wes Noonan: "[fw-wiz] Problem with TCP 1433, conduits and ACLs..."