Pings
Gardner Bell
gbell72-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Tue Sep 30 20:07:21 UTC 2003
How difucult would it be to redirect my logs to my windows machine so I can copy
them to a floppy and then review them from it? It doesn't sound too difficult,
just something I've personally never done before. Last nite is where I noticed
my network come to almost a standstill when trying to open up the simplest of
pages such as google.com, any idea why this would have happened, maybe it was
peak time for Roger's but I've never really noticed this in the past.
--
Gardner Bell - personal site www.gamecraze.net
GPG Fingerprint
C6F5 39E1 9E9A 9FAC 9DCE 78A3 9C8B 39F4 0895 FD3F
On Tue, 30 Sep 2003, Keith Mastin wrote:
>
> > I've killed off icmp echo requests long ago actually, I just find it
> > more a nuisance that these people persist daily and nightly to find an
> > opening in my firewall.
>
> A lot of that junk is generated by worms seeking out new customers, or
> poorly configured (windoh$) machines. You should see a fair amount of
> action on ports 113, 137, 445, 1361, 1443, and 53 udp. There is nothing to
> do to stop all that from hitting your machine at the firewall, as it comes
> via routing rather than broadcast.
>
> > And as Mr Sonne suggested I'd much rather have
> > someone scan my entire network with -PO before pinging me because it
> > seems to be slowing my network down at times to a complete crawl with
> > them occurring as often as they do. Thanks for your replies
>
> Seeing as how the whole purpose of the logs is to be able to backtrack
> over events, I wouldn't want to stop logging these attempts. You might log
> them somewhere else though. Send kernel logging to a new log file, maybe
> /var/log/kern? You could also send it to the console, but then the data
> could easily be lost forever.
>
> Pings might slow down your network if the packet sizes are messed up,
> someone sending packets sized over the MTUs you use on your network
> (default is generally 1500).
>
> Fragmentation support in your firewall also carries some resource load
> restraints, as does stateful packet filtering, so that might slow down
> your firewall, but it shouldn't bring the entire INT_LAN to a crawl.
>
>
--
The Toronto Linux Users Group. Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
More information about the Legacy
mailing list