RE: Re: [fw-wiz] Wayyy too many spoofed packets

From: Chris de Vidal (chris_at_devidal.tv)
Date: 11/25/03

    To: "Daniel Linder" <dan_linder@yahoo.com>
    Date: Tue, 25 Nov 2003 00:03:43 -0500 (EST)
    
    

    Daniel Linder said:
    > Can you set up the iptables rules on the other machines to log
    > broadcasts from your "suspect" server and see if they see it coming in
    > at the same time too? I would guess that your first server has Samba
    > running and sending SMB broadcasts to the network, and the iptables is
    > seeing the traffic. Does the iptables log keep the MAC address? Might
    > help you track it down.

    Good ideas. Nope, it does not show the MAC.

    I suspect I'll have to wait 'til after Thanksgiving to work on this.. I
    hoped to backend two PCs with a crossover and see what I see.

    Thanks!
    /dev/idal
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

