[lug] ipchains and ntop
D. Stimits
stimits at idcomm.com
Wed Mar 21 12:12:02 MST 2001
"Atkinson, Chip" wrote:
>
> Greetings,
>
> I have a machine that is connected to the LAN here at work. Occasionally I
> get a flood of multicast packets from 10.2.10.181 which bogs down my
> machine. I found out what was going on by using ntop. To stop it, I put in
> some ipchains rules that I thought would screen out the problem. All this
> was about 2 weeks ago or longer. Here's what ipchains -L shows:
>
> [root at northglenn /root]# ipchains -L
> Chain input (policy ACCEPT):
> target  prot  opt     source           destination      ports
> DENY    all   ------  206.246.40.167   anywhere         n/a
> DENY    all   ------  206.246.40.169   anywhere         n/a
> DENY    all   ------  10.2.10.181      anywhere         n/a
> DENY    all   ------  10.2.20.181      anywhere         n/a
> DENY    all   ------  anywhere         10.2.10.181      n/a
> DENY    all   ------  anywhere         10.2.20.181      n/a
> DENY    all   ------  anywhere         206.246.40.167   n/a
> DENY    all   ------  anywhere         206.246.40.169   n/a
> DENY    all   ------  anywhere         206.246.40.168   n/a
> DENY    all   ------  206.246.40.168   anywhere         n/a
> Chain forward (policy ACCEPT):
> Chain output (policy ACCEPT):
> [root at northglenn /root]#
>
> Just now I had the same slowdown from the same machine. Now I'm wondering
> if anyone knows why ntop can even see the packets from 10.2.10.181, and yet
> it can as ntop shows.
>
> Chip
Turn on logging for the multicast denies and see if it shows up. Maybe
it isn't really catching it.
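
One way to act on the logging suggestion above, as an added example that is not part of the original post: once the DENY rules have been re-added with ipchains' `-l` (log) flag, this script counts logged DENY hits per source whose destination is multicast. It assumes the `Packet log:` line layout shown in the IPCHAINS-HOWTO; the sample lines and the host 10.2.10.5 are constructed.

```python
import ipaddress
import re
from collections import Counter

# Layout assumed from the IPCHAINS-HOWTO "Packet log:" example. Ports are
# optional in the pattern to tolerate protocols that log none.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+)(?::\d+)? (?P<dst>[\d.]+)(?::\d+)?"
)
MULTICAST = ipaddress.ip_network("224.0.0.0/4")

# Constructed sample syslog lines (not taken from the original post).
SAMPLE = [
    "Mar 21 12:01:07 northglenn kernel: Packet log: input DENY eth0 PROTO=17 "
    "10.2.10.181:1900 239.255.255.250:1900 L=129 S=0x00 I=4321 F=0x0000 T=1 (#3)",
    "Mar 21 12:01:07 northglenn kernel: Packet log: input DENY eth0 PROTO=17 "
    "10.2.10.181:1900 239.255.255.250:1900 L=129 S=0x00 I=4322 F=0x0000 T=1 (#3)",
    "Mar 21 12:01:09 northglenn kernel: Packet log: input DENY eth0 PROTO=6 "
    "206.246.40.167:4021 10.2.10.5:80 L=60 S=0x00 I=99 F=0x4000 T=52 (#1)",
    "Mar 21 12:01:10 northglenn kernel: Packet log: input ACCEPT eth0 PROTO=17 "
    "10.2.10.7:5353 224.0.0.251:5353 L=72 S=0x00 I=12 F=0x0000 T=255",
    "Mar 21 12:01:11 northglenn sshd[411]: Connection from 10.2.10.5 port 1022",
]


def denied_multicast(lines, chain="input"):
    """Count logged DENY hits per source where the destination is multicast."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["chain"] != chain or m["target"] != "DENY":
            continue  # not a packet-log line, or not a DENY on this chain
        if ipaddress.ip_address(m["dst"]) in MULTICAST:
            hits[m["src"]] += 1
    return hits


if __name__ == "__main__":
    for src, count in denied_multicast(SAMPLE).most_common():
        print(f"{src}: {count} multicast packets denied")
```

If 10.2.10.181 never appears in the result during a flood, the rule is not matching that traffic. ntop captures through libpcap, which sees frames before the input chain filters them, so ntop listing the host does not by itself show that the DENY rule failed.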