
majeztik 04-07-2005 01:48 AM

packet filtering
hi guys,

I admin a LAN every few months with about 200 people attending. Of course the guys that come bring the Blaster worm & variants with them.

Is it possible to set up some kind of packet filtering so that we can find who is broadcasting so that we can shut them down? I was thinking along the lines of Ethereal or something.

thanx in advance :)


Capt_Caveman 04-07-2005 03:18 AM

An IDS like snort or snort-inline is probably a good way to do it, especially if you want to have updateable signatures rather than just static rules. Ethereal will show you real-time captures, but unless you can identify malware by looking at raw packet payloads, then it likely won't be as effective.

razan 04-09-2005 01:34 AM

If you are using iptables as the firewall and router, then you can find it with the following:

Use tail -f /var/log/messages

This command will show all the continuous packets that have been generated by.

Find out which source is generating the broadcast packets, and catch it for further filtering/investigation.
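
The log-based approach from the post above, as an added example that is not part of the original thread: it tallies, per source address, how many distinct hosts were probed on TCP port 135 (the port Blaster scans) in iptables LOG lines. It assumes an iptables LOG rule is already writing to syslog; the sample lines, the function names and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed, abbreviated lines in the kernel's iptables LOG format (not real traffic).
SAMPLE_LOG = """\
Apr  9 01:30:01 gw kernel: IN=eth1 OUT= SRC=192.168.1.57 DST=192.168.1.10 LEN=48 PROTO=TCP SPT=1034 DPT=135 SYN
Apr  9 01:30:01 gw kernel: IN=eth1 OUT= SRC=192.168.1.57 DST=192.168.1.11 LEN=48 PROTO=TCP SPT=1035 DPT=135 SYN
Apr  9 01:30:02 gw kernel: IN=eth1 OUT= SRC=192.168.1.20 DST=192.168.1.1 LEN=60 PROTO=TCP SPT=40112 DPT=80 SYN
Apr  9 01:30:02 gw kernel: IN=eth1 OUT= SRC=192.168.1.57 DST=192.168.1.12 LEN=48 PROTO=TCP SPT=1036 DPT=135 SYN
Apr  9 01:30:03 gw sshd[812]: session opened for user root
Apr  9 01:30:03 gw kernel: IN=eth1 OUT= SRC=192.168.1.33 DST=192.168.1.10 LEN=48 PROTO=TCP SPT=2210 DPT=135 SYN
Apr  9 01:30:04 gw kernel: IN=eth1 OUT= SRC=192.168.1.57 DST=192.168.1.13 LEN=48 PROTO=TCP SPT=1037 DPT=135 SYN
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def parse_line(line):
    """Return the SRC/DST/PROTO/DPT fields of one iptables LOG line, or None."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "DST" not in fields:
        return None  # not an iptables LOG line
    return fields


def noisy_sources(lines, port=135, min_targets=3):
    """Map each source IP to the distinct hosts it probed on TCP `port`,
    keeping only sources that touched at least `min_targets` hosts."""
    targets = defaultdict(set)
    for line in lines:
        f = parse_line(line)
        if f and f.get("PROTO") == "TCP" and f.get("DPT") == str(port):
            targets[f["SRC"]].add(f["DST"])
    return {src: sorted(dsts) for src, dsts in targets.items()
            if len(dsts) >= min_targets}


if __name__ == "__main__":
    for src, dsts in noisy_sources(SAMPLE_LOG.splitlines()).items():
        print(f"{src} probed {len(dsts)} hosts on TCP/135: {', '.join(dsts)}")
```

Counting distinct destinations rather than raw packets separates a machine sweeping the subnet from one that made a single legitimate connection.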
