On 10 Sep 2000, Nasir Mahmood wrote:
> 00:05:73:08:b5:44 (every time I get same mac but diff. IP)
> Its consuming my costly bandwidth heavily.
>
> Please favour me & guide me the following:
>
> 1. How I can trace orginal Ip from above Mac.
First, you should check if those different IP's are real. Sometimes
attacks from different IP's come from different compromised systems
(usually controlled with Trinoo, or the like DDoS systems) with _real_ IP
addresses, or with spoofed addresses.
If it's the former, contact the administrators of those networks, at
least.
Tracing spoofed IP addresses is not in practice possible. In theory, you
can check where that spoofed traffic is coming from using MAC addresses on
_every_ router upstream, but that's not often done.
Check with e.g. 'arp -a' which IP corresponds to that MAC address. Almost
certainly, it's your router. From there, if the traffic is still going
on, you can check the next MAC address and the corresponding router, and
so on...
At any rate, contacting your upstream network provider would probably be a
good thing to do, too.
> 2. How I can stop DoS attack.
Contact your upstream network provider.
> 3. I have changed Lan Cards, but I can't afford to change Modem Pool.
This won't help any.
--
Pekka Savola "Tell me of difficulties surmounted,
[EMAIL PROTECTED] not those you stumble over and fall"
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
