Hi Jay,
I've just forwarded my tcpdump file to Ralf and await his interpretation.
Thanks for posting your dump. I don't really know what to look for in my
dump file. But, your file shows what I expected to find, but didn't.
That is, I don't have anything like:
... kris.jaycrews.com > ...
I di
Ralf Spenneberg writes
>
> Am Mit, 2003-02-26 um 22.18 schrieb Cliff Kent:
> > Oops... One More Time...
> >
> Hi Cliff,
>
> > I ran "tcpdump -X proto 2" as root for about 2 minutes today and
> > produced a 76 Kb text file. (The same command on a RH8 box here produced
> > nothing in and hou
Am Mit, 2003-02-26 um 22.18 schrieb Cliff Kent:
> Oops... One More Time...
>
Hi Cliff,
> I ran "tcpdump -X proto 2" as root for about 2 minutes today and
> produced a 76 Kb text file. (The same command on a RH8 box here produced
> nothing in and hour.)
>
> 13:56:52.679075 ny-auburn2c-319.abur
Oops... One More Time...
Ralf,
I reviewed the setup on the Linksys and it looks like it's still right.
I ran "tcpdump -X proto 2" as root for about 2 minutes today and
produced a 76 Kb text file. (The same command on a RH8 box here produced
nothing in and hour.)
I'm sure that the list doesn't
Ralf,
I reviewed the setup on the Linksys and it looks like it's still right.
I ran "tcpdump -X proto 2" as root for about 2 minutes today and
produced a 76 Kb text file. (The same command on a RH8 box here produced
nothing in and hour.)
I'm sure that the list doesn't need the full text of the
>> for launching an insider denial of service attack <<
Wow, there's a nasty concept. Especially in this case. The only insiders
are Red Hat and me.
Still, it's worth a look.
This is a two month old "fresh install" on new hardware. It has all of
the patches up through the end of January. And I
>> One IGMP packet every 2 minutes. <<
I have more like one packet every 2 seconds. Not enough to bother the
normal operation. Maybe as much as 500 bits per second. (I think)
>> I just drop them and haven't had any problems. <<
I'll recheck the Linksys router config. But, I THINK I'm already
b
>> look at the count of packets using the package "iptraf". <<
Thanks, I will.
Cliff
--
Psyche-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/psyche-list
>> Does your client use a fixed or a dynamic IP? <<
Internet connection is Adelphia cable modem. Dynamic IP via DHCP -
though the actual IP address hasn't changed in a year. Cable modem
connects to the private network through a Linksys cable/DSL router that
SHOULD be blocking all such unrequest
Yes looks like it can effect Linux. I don't know if this is related to your problrem.
The IGMP report suppression mechanism can be exploited for launching
an insider denial of service attack against a host connected to a
Multicast group.
Instead of sending a IGMP membership report to the Multic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 25 February 2003 08:07 pm, Jack Bowling wrote:
> Are you absolutely sure that the packets are coming from your box? Many
> cable ISPs use IGMP packets as a sort of "keep-alive, are you there?"
> to monitor the status of their network. They
On Tue, Feb 25, 2003 at 11:24:03PM +0100, Stefan Neufeind wrote:
> Does your box generate the IGMP or are you only receiving the
> packets? You might want to have a look at the count of packets using
> the package "iptraf".
>
> On 25 Feb 2003 at 15:13, Cliff Kent wrote:
>
> > I recently set up
Am Die, 2003-02-25 um 23.14 schrieb Cliff Kent:
> Thanks Ralf,
> >> Maybe it is just the receiver? <<
>
> Perhaps, but I've never built a linux IGMP "receiver" before either.
You do not have to build one. Maybe the provider just forwards these
packets to your client and you are the first to notic
Does your box generate the IGMP or are you only receiving the
packets? You might want to have a look at the count of packets using
the package "iptraf".
On 25 Feb 2003 at 15:13, Cliff Kent wrote:
> I recently set up a RH 8.0 "home network" server. It's very much like
> several others that I've
Thanks Ralf,
>> Are you sure that this traffic is generated by the linux box? <<
No, I'm not sure of much at this point.
Now that you mention it... I think I'll go back and clear the router
config and do it over. That router's been in place for a year or two.
>> Maybe it is just the receiver?
Am Die, 2003-02-25 um 21.13 schrieb Cliff Kent:
>
> Seems like I've seen this traffic from windows. But, never from linux
> before.
Are you sure that this traffic is generated by the linux box? Maybe it
is just the receiver?
Can you post a tcpdump -X proto 2
Cheers,
Ralf
>
> Does anybody know
16 matches
Mail list logo
