On 10 Sep 2000, Nasir Mahmood wrote:
>I am experiencing Denial of Service Attack last many days. Most of you Help a
>lot. I have reformat my Proxy & authentication system. Even replaced my Lan
>cards.
>
>But I am continuously getting flood of bytes from different IPs. After
>detailed enquiry, I noted that I am getting bombarment from the following Mac
>Address:
>
>00:05:73:08:b5:44 (every time I get same mac but diff. IP)
>Its consuming my costly bandwidth heavily.
>
>Please favour me & guide me the following:
>
>1. How I can trace orginal Ip from above Mac.
You need to trace the MAC.
Type:
2 root@asdf:/# arp
Address HWtype HWaddress Flags Mask Iface
gw.capslock.lan ether 00:40:01:43:3E:AB C eth0
Using "arp n" will give the IP.
>2. How I can stop DoS attack.
By tracking down who is doing it. IP addresses may be
spoofed. looks like someone on your LAN is attacking. Since
your machines have been broken into by the sound of it, someone
could have set one of your own machines to flood your LAN.
>3. I have changed Lan Cards, but I can't afford to change Modem Pool.
I don't see how changing Lans or modems would help. That is IMHO
like changing the light bulbs in the room, or painting the room a
different color. ;o)
>4. Flood rate is 30 - 70k bytes/second.
Ouch. ;o)
You might want to try the [EMAIL PROTECTED]
mailing list.
--
Mike A. Harris - Computer Consultant - Capslock Consulting
Linux advocate, Open source advocate | Copyright 2000 all rights reserved
===============================================================
Be up to date on nerd news and stuff that matters: http://slashdot.org
_______________________________________________
Redhat-devel-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-devel-list
