LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   packet filtering (https://www.linuxquestions.org/questions/linux-security-4/packet-filtering-310623/)

majeztik 04-07-2005 01:48 AM

packet filtering
 
hi guys,

I admin a LAN every few months with about 200 ppl attending. Ofcourse the guys that come bring the blaster worm & varients with them.

Is it possible to setup some kind of packet filtering so that we can find who is broadcasting so that we can shut them down? I was thinkin along the lines of ethereal or something.

thanx in advance :)

>josh

Capt_Caveman 04-07-2005 03:18 AM

An IDS like snort or snort-inline is probably a good way to do it, especially if you want to have updateable signatures rather than just static rules. Ethereal will show you real-time captures, but unless you can identify malware by looking at raw packet payloads, then it likely won't be as effective.

razan 04-09-2005 01:34 AM

HI
 
if u r using the iptables as firewall command and router then u can find from the following


use tail -f /var/log/message

this command will show all the continiou packets that has been generated by.

find out which source is generating the broad cast packets. and catch it for further filtering/investigation.


All times are GMT -5. The time now is 05:55 PM.