RE: Re: [fw-wiz] Wayyy too many spoofed packets
From: Chris de Vidal (chris_at_devidal.tv)
To: "Daniel Linder" <email@example.com> Date: Tue, 25 Nov 2003 00:03:43 -0500 (EST)
Daniel Linder said:
> Can you setup the iptables rules on the other machines to log
> broadcasts from your "suspect" server and see if they see it coming in
> at the same time too? I would guess that your first server has Samba
> running and sending SMB broadcasts to the network, and the iptables is
> seeing the traffic. Does the iptables log keep the MAC address? Might
> help you track it down.
Good ideas. Nope, it does not show the MAC.
I suspect I'll have to wait 'til after Thanksgiving to work on this.. I
hoped to backend two PCs with a crossover and see what I see.
firewall-wizards mailing list