packet filtering
Hi guys,
I admin a LAN every few months with about 200 people attending. Of course the guys that come bring the Blaster worm & variants with them. Is it possible to set up some kind of packet filtering so that we can find who is broadcasting so that we can shut them down? I was thinking along the lines of Ethereal or something. Thanks in advance :)
josh
An IDS like snort or snort-inline is probably a good way to do it, especially if you want to have updateable signatures rather than just static rules. Ethereal will show you real-time captures, but unless you can identify malware by looking at raw packet payloads, then it likely won't be as effective.
Hi,
If you are using iptables as the firewall command and router, then you can find it from the following.
Use tail -f /var/log/messages; this command will show all the continuous packets that have been generated. Find out which source is generating the broadcast packets, and catch it for further filtering/investigation.
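The log-watching approach from the last reply, turned into a per-source tally (an added example, not part of any post in the thread). It assumes an iptables LOG rule on the gateway for TCP port 135, the port Blaster scans to spread; the function names, log prefixes and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the gateway already logs the probes, e.g. with
#   iptables -I FORWARD -p tcp --dport 135 --syn -j LOG --log-prefix "RPC135 "

# scan_sources PORT MIN [FILE...]: list sources that sent TCP packets to PORT
# on at least MIN distinct destinations, busiest first. Reads stdin if no FILE.
scan_sources() {
    port=$1; min=$2; shift 2
    awk -v port="$port" -v min="$min" '
        / SRC=/ && / DPT=/ {
            src = dst = dpt = proto = ""
            for (i = 1; i <= NF; i++) {          # fields are KEY=value pairs
                if      ($i ~ /^SRC=/)   src   = substr($i, 5)
                else if ($i ~ /^DST=/)   dst   = substr($i, 5)
                else if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                else if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (proto != "TCP" || dpt != port) next
            # count each destination once per source, but every packet
            if (!((src, dst) in seen)) { seen[src, dst] = 1; targets[src]++ }
            packets[src]++
        }
        END {
            for (s in targets)
                if (targets[s] >= min)
                    printf "%s targets=%d packets=%d\n", s, targets[s], packets[s]
        }' "$@" | sort -t= -k2,2nr
}

# Constructed sample lines (trimmed; real LOG lines carry more fields).
sample_log() {
    cat <<'EOF'
Aug 12 21:03:11 gw kernel: RPC135 IN=eth1 OUT=eth0 SRC=192.168.0.57 DST=198.51.100.9 LEN=48 PROTO=TCP SPT=1045 DPT=135 SYN
Aug 12 21:03:11 gw kernel: RPC135 IN=eth1 OUT=eth0 SRC=192.168.0.57 DST=198.51.100.10 LEN=48 PROTO=TCP SPT=1046 DPT=135 SYN
Aug 12 21:03:12 gw kernel: RPC135 IN=eth1 OUT=eth0 SRC=192.168.0.57 DST=198.51.100.10 LEN=48 PROTO=TCP SPT=1046 DPT=135 SYN
Aug 12 21:03:12 gw kernel: RPC135 IN=eth1 OUT=eth0 SRC=192.168.0.57 DST=198.51.100.11 LEN=48 PROTO=TCP SPT=1047 DPT=135 SYN
Aug 12 21:03:13 gw kernel: RPC135 IN=eth1 OUT=eth0 SRC=192.168.0.57 DST=198.51.100.12 LEN=48 PROTO=TCP SPT=1048 DPT=135 SYN
Aug 12 21:03:13 gw kernel: RPC135 IN=eth1 OUT=eth0 SRC=192.168.0.12 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=2210 DPT=135 SYN
Aug 12 21:03:14 gw kernel: OTHER IN=eth1 OUT=eth0 SRC=192.168.0.30 DST=203.0.113.80 LEN=60 PROTO=TCP SPT=3301 DPT=80 SYN
Aug 12 21:03:14 gw dhcpd: DHCPACK on 192.168.0.30
EOF
}

sample_log | scan_sources 135 3
```

A host that contacts one server on port 135 stays under the threshold, while a scanning host stands out by its count of distinct destinations. The FORWARD chain only sees traffic routed through the gateway, so probes between machines on the same switch segment will not appear in this log.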