you mean people are trying to connect to your firewall ? in this event you
can run tcpdump and write a small filter to see the requests.
maybe something like 'tcpdump dst your.ip.address'.
cheers,
.truman.boyes.
---------------------------------------------
Don't suspect your friends -- turn them in!
-- "Brazil"
On Sat, 20 Jan 2001, jeremy cassidy wrote:
> Hi all,
>
> First of all thank you for all the responses, i should clarify what im
> asking. I run two NIC's and i want to be able to see who has asked for that
> ip.. i have set rules on ips that are blocked and they know they are
> supposed to go therem, yet i still see requests for the ips.. now when i
> question ppl on it they say oh its not us..
>
> I am looking to catch who it is, i thought maybe if i could get the mac
> address on who was requesting it, that i could catch the liar.
>
> The rest of the building runs behind the same firewall ( ipchains ) eth0
> eth1 and the IPS are allocated by a DHCP server ( windows nt 4.0 )
>
> Any thoughts on this would be helpful, i guess what i am asking is how do i
> catch the internal bandit.
>
> Thanks for the help
> Jeremy
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
