[lug] ipchains and ntop
Atkinson, Chip
CAtkinson at Circadence.com
Wed Mar 21 11:49:09 MST 2001
Greetings,
I have a machine that is connected to the lan here at work. Occasionally I
get a flood of multicast packets from 10.2.10.181 which bogs down my
machine. I found out what was going on by using ntop. To stop it, I put in
some ipchains rules that I thought would screen out the problem. All this
was about 2 weeks ago or longer. Here's what ipchains -L shows:
[root at northglenn /root]# ipchains -L
Chain input (policy ACCEPT):
target prot opt source destination ports
DENY all ------ 206.246.40.167 anywhere n/a
DENY all ------ 206.246.40.169 anywhere n/a
DENY all ------ 10.2.10.181 anywhere n/a
DENY all ------ 10.2.20.181 anywhere n/a
DENY all ------ anywhere 10.2.10.181 n/a
DENY all ------ anywhere 10.2.20.181 n/a
DENY all ------ anywhere 206.246.40.167 n/a
DENY all ------ anywhere 206.246.40.169 n/a
DENY all ------ anywhere 206.246.40.168 n/a
DENY all ------ 206.246.40.168 anywhere n/a
Chain forward (policy ACCEPT):
Chain output (policy ACCEPT):
[root at northglenn /root]#
Just now I had the same slowdown from the same machine. Now I'm wondering
if anyone knows why ntop can even see the packets from 10.2.10.181, and yet
it can as ntop shows.
Chip
More information about the LUG
mailing list