Re: [smartBridges] HELP net traffic and where is it coming from

[Colin Watson]

Title: Message

The best thing for you to do is deny or shape (possibly with BriLan?) all icmp traffic reaching vital machines. This at least will stop them ping flooding you. If you've got a cisco router you can do this with Access Control Lists pretty easily. If not, then you can either put a firewall between your vital machines and your public network, or, stick firewall software on the PC's and deny access to icmp port-bound traffic. Personally, I'd favour a mix of traffic shaping and firewalling, that way if they were (to be devious/intelligent enough) to attack you with DDOS or other forms, the traffic would not overrun your machines. ----- Original Message ----- From: Blazen Wireless To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 5:50 PM Subject: Re: [smartBridges] HELP net traffic and where is it coming from I don't have ping.exe in there?? I also tried ICMP I am calling my provider to block both their class C blocks from ever getting to me. My partner went to go pay them a visit OHH man I feel sorry for them HE IS PISSED!       ----- Original Message ----- From: Bobby Bounds To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 9:25 AM Subject: Re: [smartBridges] HELP net traffic and where is it coming from On your Win2K box, go to 'Services' and look for ping.exe. ----- Original Message ----- From: Blazen Wireless To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 9:42 AM Subject: Re: [smartBridges] HELP net traffic and where is it coming from Well it does not appear to be the mail linux box as much as it is the dns server win 2000 what's strange is I can physically unplug the cable from the box and the outgoing traffic stops yet the incoming is still going??? I unplug the wan and it goes away..   ----- Original Message ----- From: Scott Damron To: [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 8:30 AM Subject: RE: [smartBridges] HELP net traffic and where is it coming from If you are running an old linux box that you don't have a root password for, that means it is more than likely out of date as far as patches go.  That means it could possibly be "Rooted" and that is not a good thing!!!  There are alot of DNS DDOS attachs out there, I would download ethereal and watch the traffic VERY closely for a couple of hours.   Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Blazen Wireless Sent: Thursday, September 11, 2003 8:16 AM To: [EMAIL PROTECTED] Subject: [smartBridges] HELP net traffic and where is it coming from I have Brilan bandwidth control and for kicks I put my servers behind it and just yesterday I noticed that I have a steady 250kbps up and down on my DNS and my mail server I unplug the Lan connection to my T-1 and the problem goes away so I know it is not my wireless customers? I did a sweep and found nor worms on my 2000 machine I do have Linux 6.4 machine that I don't know root so cant run any kind of scan but it appears that it is coming from the WWW? how can I tell what IP or where this is coming from its almost like a DNS??? things are functioning normal but a little slow since this is taking some of the bandwidth?? can or would my ISP (megapath) be able to tell where it is coming from???   I have a strange feeling the WAR has started between me and the competition since they threatened to do something for their 3 customers jumping ship and coming to me because of their poor service!   I have TCP IP Dump but cant really see any thing specific to those IP addresses??   Martin & Steve Blazen Wireless www.blazenwireless.com