LinuxQuestions.org
Old 04-26-2005, 05:21 PM   #1
mcd
Member
 
Registered: Aug 2003
Location: Boulder, CO
Distribution: Slackware, RHEL, CentOS
Posts: 825

Rep: Reputation: 33
possible DoS?


we're having a weird problem in my office. we have a dsl connection, with a server and 5 desktops connected to a hub, connected to a linksys router, connected to the dsl modem. for the last 2 weeks or so the network has been going down randomly for about 5 minutes at a time, usually 5-10 times a day. we've played with the hardware, swapping out the router and modem and i believe we've verified that the problem isn't the hub, router or cable modem. usually when the network goes down we can ping the server and other computers, but the last two times that didn't work either (couldn't ping anything). since there were no changes made to the server or any of the computers on the network, i'm wracking my brain to think of something else to try.

could this be a DoS attack against the router? an icmp flood or something? i'm not sure what to look for....

EDIT: forgot to mention that the first thing i did was call our provider, but they ran tests on the line and said the connection looked fine.

Last edited by mcd; 04-26-2005 at 05:24 PM.
 
Old 04-26-2005, 06:03 PM   #2
damicatz
Member
 
Registered: May 2004
Distribution: FreeBSD 7, Debian "Squeeze", OpenBSD 4.5
Posts: 167

Rep: Reputation: 30
Try using Ethereal to packet sniff the network and see if anything unusual occurs.

If you have never used Ethereal before, you can view the user's guide; however, it shouldn't be too hard to figure out the basics.
 
Old 04-26-2005, 06:14 PM   #3
mcd
Member
 
Registered: Aug 2003
Location: Boulder, CO
Distribution: Slackware, RHEL, CentOS
Posts: 825

Original Poster
Rep: Reputation: 33
similar to tcpdump? that's what i've used in the past. i can't remember though, does it listen promiscuously by default to all traffic? if i run it on my laptop would i see icmp packets being received by the router? anyway, i'll give it a shot and see what i see.
 
Old 04-26-2005, 06:20 PM   #4
damicatz
Member
 
Registered: May 2004
Distribution: FreeBSD 7, Debian "Squeeze", OpenBSD 4.5
Posts: 167

Rep: Reputation: 30
Quote:
Originally posted by mcd
similar to tcpdump? that's what i've used in the past. i can't remember though, does it listen promiscuously by default to all traffic? if i run it on my laptop would i see icmp packets being received by the router? anyway, i'll give it a shot and see what i see.
It is similar to tcpdump; however, its interface is GTK based. You can make Ethereal listen in promisc. mode provided you run it on an account that has the proper privileges (root).

If you are running a hub, you should have no problems seeing all the traffic in the hub. The Linksys Gateway may be more difficult; I don't think Linksys Routers have spanning, but you could try putting your sniffer in the DMZ.

Last edited by damicatz; 04-26-2005 at 06:21 PM.
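
What to look for in such a capture, as an added example that is not part of the original thread: the script below counts ICMP echo requests per second and per source from text output in the format printed by `tcpdump -tt -n icmp`, and reports any source above a threshold. The addresses, the sample lines and the threshold of 100 per second are constructed assumptions.

```python
import re
from collections import Counter

# Matches lines as printed by `tcpdump -tt -n icmp` (epoch timestamps, numeric addresses).
LINE_RE = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo request\b"
)

def echo_requests_per_second(lines):
    """Count ICMP echo requests per (second, source, destination)."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            counts[(int(m["ts"]), m["src"], m["dst"])] += 1
    return counts

def find_bursts(lines, threshold=100):
    """Return sorted (second, src, dst, count) tuples at or above the threshold.

    The default threshold is an assumed value; tune it to the normal ping
    rate seen on the network being monitored.
    """
    counts = echo_requests_per_second(lines)
    return sorted(
        (sec, src, dst, n) for (sec, src, dst), n in counts.items() if n >= threshold
    )

def build_sample():
    """Constructed capture: one host pinging once a second, one host bursting."""
    lines = []
    for i in range(3):
        ts = 1114550460 + i
        lines.append(f"{ts}.000100 IP 192.168.1.20 > 192.168.1.1: ICMP echo request, id 7, seq {i}, length 64")
        lines.append(f"{ts}.000300 IP 192.168.1.1 > 192.168.1.20: ICMP echo reply, id 7, seq {i}, length 64")
    for i in range(250):
        lines.append(f"1114550461.{i:06d} IP 192.168.1.23 > 192.168.1.1: ICMP echo request, id 9, seq {i}, length 1024")
    return lines

if __name__ == "__main__":
    for sec, src, dst, n in find_bursts(build_sample()):
        print(f"{sec}: {n} echo requests/s from {src} to {dst}")
```

Lining up the flagged seconds with the times the network dropped shows whether a burst coincides with an outage or the two are unrelated.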
 