CANT STOP THE PACKETS!!!

From: Paul (tjenkins1@yahoo.com)
Date: 02/16/03

• Next message: Felinux: "Features for a monitoring tool"
• Previous message: David: "Re: Port 4662, 10 times more packets since november"
• Next in thread: steve harris: "Re: CANT STOP THE PACKETS!!!"
• Reply: steve harris: "Re: CANT STOP THE PACKETS!!!"
• Reply: Row: "Re: CANT STOP THE PACKETS!!!"
• Reply: Paul: "Re: CANT STOP THE PACKETS!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: "Paul" <tjenkins1@yahoo.com>
Date: Sun, 16 Feb 2003 03:07:45 GMT

I have a multi-homed 98 box that keeps sending requests to my linux
firewall/router and filling up the log partition so that the web proxy goes
down!

Details:

1st nic on a class c routable network for local and WAN traffic to another
office across town
2nd nic on a non-routable class A 10.0.0.0 for access to the firewall of
upstairs LAN connected to the net by cable modem.
Have a .bat in startup adding the route for the firewall to the routing
table on the 98 machine since can have only one default gateway in win98, or
so I am told.

Everything was working great for a week than the web proxy started shutting
down due to a filled up log partition on the firewall. Checked the /var/log
dir and /var/log/squid dirs on the firewall and found HUGE log files.
Checked them and they are logging attempts from the multi-homed 98 box to
access a website called http://www.3nt.com.br/ like thousands of times per
minute. I dont know what process is sending these requests or how to stop
them and still maintain internet browsing for the machine.

Any suggestions as to how to stop these offending url requests from leaving
the 98 box? How can I identify the offending process and kill it
permanently?

---

• Next message: Felinux: "Features for a monitoring tool"
• Previous message: David: "Re: Port 4662, 10 times more packets since november"
• Next in thread: steve harris: "Re: CANT STOP THE PACKETS!!!"
• Reply: steve harris: "Re: CANT STOP THE PACKETS!!!"
• Reply: Row: "Re: CANT STOP THE PACKETS!!!"
• Reply: Paul: "Re: CANT STOP THE PACKETS!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: CANT STOP THE PACKETS!!! ... >firewall/router and filling up the log partition so that the web proxy goes ... >Have a .bat in startup adding the route for the firewall to the routing ... >down due to a filled up log partition on the firewall. ... How can I identify the offending process and kill it ... (comp.os.linux.security) Re: CANT STOP THE PACKETS!!! ... > firewall/router and filling up the log partition so that the web proxy ... > Have a .bat in startup adding the route for the firewall to the routing ... > shutting down due to a filled up log partition on the firewall. ... > Any suggestions as to how to stop these offending url requests from ... (comp.os.linux.security) Re: Network Firewall/Routing Solution ... Cisco router w/ Firewall IOS, ... > not working properly at all with multiple network cards. ... > I will need to deal with inbound web and ftp requests from the ... > non-pasv connections. ... (comp.security.firewalls) Re: IDS and SSL ... invalid requests not just detection. ... In English: attacks against ... The web application firewall ... Quite frankly I wouldn’t put a web server of any worth ... (Vuln-Dev) Re: Excluding internal IPs from being proxied ... This log entry says that since I do not have firewall policy that allows web ... the request is denied. ... *correctly* treats the request as being destined to the internal network, ... The point is the request should *never* be processed by web proxy ... (microsoft.public.isa)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.os.linux.security  > 2003-02