RE: [smartBridges] HELP net traffic and where is it coming from

[Scott Damron]

Title: Message

I would personally block any icmp at the router.  Not all icmp but if you lookup on cisco.com you should see which to block.  It sounds like possibly you have some folks with the slammer virus.   Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blazen Wireless Sent: Thursday, September 11, 2003 9:07 AM To: [EMAIL PROTECTED] Subject: Re: [smartBridges] HELP net traffic and where is it coming from Well right now not much traffic okay I did  scan for 2 in it said 35% ICMP would that be the culprit and it was coming form 209.234.200.143     ----- Original Message ----- From: Colin Watson To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 9:00 AM Subject: Re: [smartBridges] HELP net traffic and where is it coming from You can load etheral onto the dns/mail pc's and do the traffic sniff there if u want. I usually just plug my laptop in and let it get on with it. I have a thing about jinxing production machines - especially when they are working and customers are using em ;) ----- Original Message ----- From: Blazen Wireless To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 4:48 PM Subject: Re: [smartBridges] HELP net traffic and where is it coming from I forgot I had that open extra that has ethereal.... can I load it direct on the PC having the problems??   ----- Original Message ----- From: Colin Watson To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 8:41 AM Subject: Re: [smartBridges] HELP net traffic and where is it coming from Plug a laptop into the switch the mailserver + dns are attached too, run ethereal (win32 version on XP works nicely) and set it to capture packets. Leave it capturing then filter the output. Should be able to see where the traffic flow is coming from especially if you filter out all but those packets heading too and from your DNS/Mail servers IP's.   ----- Original Message ----- From: Blazen Wireless To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 4:16 PM Subject: [smartBridges] HELP net traffic and where is it coming from I have Brilan bandwidth control and for kicks I put my servers behind it and just yesterday I noticed that I have a steady 250kbps up and down on my DNS and my mail server I unplug the Lan connection to my T-1 and the problem goes away so I know it is not my wireless customers? I did a sweep and found nor worms on my 2000 machine I do have Linux 6.4 machine that I don't know root so cant run any kind of scan but it appears that it is coming from the WWW? how can I tell what IP or where this is coming from its almost like a DNS??? things are functioning normal but a little slow since this is taking some of the bandwidth?? can or would my ISP (megapath) be able to tell where it is coming from???   I have a strange feeling the WAR has started between me and the competition since they threatened to do something for their 3 customers jumping ship and coming to me because of their poor service!   I have TCP IP Dump but cant really see any thing specific to those IP addresses??   Martin & Steve Blazen Wireless www.blazenwireless.com