Old 08-05-2009, 06:56 AM   #1
sabir_mustafa
Member
 
Registered: Aug 2009
Location: Rawalpindi
Distribution: RHEL 5, CentOS
Posts: 38

Rep: Reputation: 16
Broadcast to unknown IP addresses


Dear all:
Recently I have deployed SquirrelMail 1.4 on a RHEL5 box on a client's internal network. Everything is running fine, but one of my IP tools has detected numerous broadcasts to different IP addresses like 192.x.x.x or 151.x.x.x or 153.x.x.x.
I am not much worried since the company is using this email service inside their internal perimeter, but I want to know what exactly is going on. Do I need to configure iptables to block such broadcasts?

Thanks
 
Old 08-05-2009, 11:21 AM   #2
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 26,553

Rep: Reputation: 7946
Quote:
Originally Posted by sabir_mustafa
Dear all:
Recently I have deployed SquirrelMail 1.4 on a RHEL5 box on a client's internal network. Everything is running fine, but one of my IP tools has detected numerous broadcasts to different IP addresses like 192.x.x.x or 151.x.x.x or 153.x.x.x.
I am not much worried since the company is using this email service inside their internal perimeter, but I want to know what exactly is going on. Do I need to configure iptables to block such broadcasts?

Thanks
Hard to say...you don't say what "ip tool" is returning this information, in what circumstance, or give any details about your network. Since we don't know what IP ranges you use internally, what the exact output of the "ip tools" is, it's hard to say if it's normal or not.
 
Old 08-07-2009, 12:30 AM   #3
sabir_mustafa
Member
 
Registered: Aug 2009
Location: Rawalpindi
Distribution: RHEL 5, CentOS
Posts: 38

Original Poster
Rep: Reputation: 16
Dear all:
I have carefully reviewed the network. The tools I'm using are "Wireshark" and "CommView". The broadcast that I have recorded is from my mail server to the external IP addresses I already mentioned. Now I can't understand why this is happening.
 
Old 08-07-2009, 03:44 AM   #4
nowonmai
Member
 
Registered: Jun 2003
Posts: 481

Rep: Reputation: 48
What else does wireshark say about the packets? It should give enough detail to determine what's going on.
 
Old 08-07-2009, 05:16 PM   #5
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158
Posting some of the packets to the forum may help us understand what the issue may be. If you post some, sanitize any crucial data you may not want to be showing to the public.
 
Old 08-08-2009, 06:47 AM   #6
sabir_mustafa
Member
 
Registered: Aug 2009
Location: Rawalpindi
Distribution: RHEL 5, CentOS
Posts: 38

Original Poster
Rep: Reputation: 16
I shall post the packet on Monday, as today I'm on rest from the company.
 
Old 08-11-2009, 07:53 AM   #7
sabir_mustafa
Member
 
Registered: Aug 2009
Location: Rawalpindi
Distribution: RHEL 5, CentOS
Posts: 38

Original Poster
Rep: Reputation: 16
Quote:
Originally Posted by unixfool
Posting some of the packets to the forum may help us understand what the issue may be. If you post some, sanitize any crucial data you may not want to be showing to the public.
I have checked all the data in Wireshark. It is an ARP broadcast from the mail server's IP address and MAC to the x.x.x.x IP address and all 00:00 MAC. Is it OK?

Last edited by sabir_mustafa; 08-11-2009 at 07:54 AM.
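
Added example, not part of any post in this thread: a small decoder for the kind of frame described in post #7, which sorts ARP who-has requests by whether the target IP lies inside the sender's expected subnet. A host only sends ARP for an address its routing table treats as directly connected, so requests for off-link targets usually point at the netmask or an interface route on the sender. The function names, the sample frames and the 192.0.2.0/24 local network are assumptions made for illustration.

```python
import ipaddress
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4 ARP; return None for anything else."""
    if len(frame) < 42:
        return None
    dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (ethertype, htype, ptype, hlen, plen) != (0x0806, 1, 0x0800, 6, 4):
        return None
    return {"eth_dst": mac(dst), "op": op,
            "sender_mac": mac(sha), "sender_ip": ipaddress.IPv4Address(spa),
            "target_mac": mac(tha), "target_ip": ipaddress.IPv4Address(tpa)}

def classify(frame, local_net):
    """Return 'not-arp', 'reply', 'request-on-link' or 'request-off-link'."""
    arp = parse_arp(frame)
    if arp is None:
        return "not-arp"
    if arp["op"] != 1:          # 1 = request (who-has), 2 = reply
        return "reply"
    # A request goes to ff:ff:ff:ff:ff:ff with the target MAC field zeroed,
    # because that MAC is what is being asked for. What matters is whether
    # the target IP belongs to a network the sender should treat as on-link.
    on_link = arp["target_ip"] in ipaddress.ip_network(local_net)
    return "request-on-link" if on_link else "request-off-link"

def build_request(sender_mac, sender_ip, target_ip):
    """Build a constructed broadcast who-has frame for the samples below."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, sha,
                       ipaddress.IPv4Address(sender_ip).packed, b"\x00" * 6,
                       ipaddress.IPv4Address(target_ip).packed)
    return b"\xff" * 6 + sha + struct.pack("!H", 0x0806) + body

# Constructed frames; addresses are documentation ranges, not values from the thread.
SAMPLES = [build_request("02:00:00:aa:bb:cc", "192.0.2.10", "192.0.2.1"),
           build_request("02:00:00:aa:bb:cc", "192.0.2.10", "198.51.100.7")]

if __name__ == "__main__":
    for frame in SAMPLES:
        a = parse_arp(frame)
        print(a["sender_ip"], "who-has", a["target_ip"], "target MAC",
              a["target_mac"], "->", classify(frame, "192.0.2.0/24"))
```
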
 
Old 08-26-2009, 10:26 PM   #8
sabir_mustafa
Member
 
Registered: Aug 2009
Location: Rawalpindi
Distribution: RHEL 5, CentOS
Posts: 38

Original Poster
Rep: Reputation: 16
Well: I got control of it. I used iptables to block broadcasts from the mail server to any other network except specified trusted networks, further binding a custom HTTPS port through which clients can access the server.
 
  

