LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 07-26-2005, 10:56 PM   #1
nazib
LQ Newbie
 
Registered: Nov 2004
Location: bangladesh
Distribution: Redhat 9
Posts: 23

Rep: Reputation: 15
ff:ff:ff:ff...mac address is consuming my network bandwidth


Hi all,

I am having problem in my linux server.
I am using redhat 9.0 with default iptables rpm.
I have Nat of this server. I run iptraf and found the following broadcast mac address ff:ff:ff:ff:ff:ff This mac address is creating problem in my network. A buch of bandwidth is consuming by that mac.

can any one tell me for stop this mac address or solve the Broadcast problem.

Regards,
Nazib
 
Old 07-27-2005, 01:26 AM   #2
gd2shoe
Member
 
Registered: Jun 2004
Location: Northern CA
Distribution: Debian
Posts: 835

Rep: Reputation: 49
If your network can handle such a brute force solution, you could just start disconnecting network plugs until it stops. In most situations, you should be able to find the offending machine.
 
Old 07-27-2005, 09:56 AM   #3
Half_Elf
Guru
 
Registered: Sep 2001
Location: Montreal, Canada
Distribution: Slackware; Debian; Gentoo...
Posts: 2,163

Rep: Reputation: 45
ff:ff:ff:ff is just an impossible MAC address. It is the "everyone" mac address. Back in college I wrote something in my computer science course about the possibility of crashing a network in a DDOS way spoofing the Mac address to this value. "ff:ff:ff:ff" refer to everyone, and, as "everyone" would try to answer to "everyone", you quickly end in a nightmare situation, at least in theory, it is quite hard to forge packet this way and this kind of trick is patched since age.

Still, look like you are under attack from a ghost... If you suspect this to come from the internet you might want to notice your ISP, they may have some "trace" or hints about who is doing this (ultimately banning him). But for now, there isn't much to do, even if you block this address, the packet will reach your network (as the iptables rules are checked once the network card got the trafic, of course), crafting a rules to (try to) ban this would most likely result in a cpu consumtion without any result of the flood... if you want to try anyways, I suppose we could help you, but we will need your kernel version and your iptables version (iptables prior to 1.2.7 on kernel 2.4 was a bit basic about making rules on mac address if I remember right).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Changing Mac Address on Network Card? neopiper Linux - Networking 10 11-21-2007 02:14 AM
script that can pull ip and mac address off the network thefedexguy Linux - Networking 1 11-29-2005 03:10 PM
Network configuration returns MAC address in the lower case Julianus Fedora 0 11-14-2004 02:38 PM
MAC address? DHCP - Home Network ntwkthtbtch Linux - Newbie 2 08-24-2004 07:08 AM
How to control the bandwidth by clients' MAC address(in REdHat 7.2)? yuzuohong Linux - Networking 1 05-12-2002 06:34 AM


All times are GMT -5. The time now is 01:45 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration