[lug] ipchains and ntop
Atkinson, Chip
CAtkinson at Circadence.com
Wed Mar 21 12:14:56 MST 2001
Good idea. Off to the man pages and howto's...
Thanks.
Chip
> -----Original Message-----
> From: D. Stimits [mailto:stimits at idcomm.com]
> Sent: Wednesday, March 21, 2001 12:12 PM
> To: lug at lug.boulder.co.us
> Subject: Re: [lug] ipchains and ntop
>
>
> "Atkinson, Chip" wrote:
> >
> > Greetings,
> >
> > I have a machine that is connected to the lan here at work.
> Occasionally I
> > get a flood of multicast packets from 10.2.10.181 which bogs down my
> > machine. I found out what was going on by using ntop. To
> stop it, I put in
> > some ipchains rules that I thought would screen out the
> problem. All this
> > was about 2 weeks ago or longer. Here's what ipchains -L shows:
> >
> > [root at northglenn /root]# ipchains -L
> > Chain input (policy ACCEPT):
> > target prot opt source destination
> ports
> > DENY all ------ 206.246.40.167 anywhere
> n/a
> > DENY all ------ 206.246.40.169 anywhere
> n/a
> > DENY all ------ 10.2.10.181 anywhere
> n/a
> > DENY all ------ 10.2.20.181 anywhere
> n/a
> > DENY all ------ anywhere 10.2.10.181
> n/a
> > DENY all ------ anywhere 10.2.20.181
> n/a
> > DENY all ------ anywhere 206.246.40.167
> n/a
> > DENY all ------ anywhere 206.246.40.169
> n/a
> > DENY all ------ anywhere 206.246.40.168
> n/a
> > DENY all ------ 206.246.40.168 anywhere
> n/a
> > Chain forward (policy ACCEPT):
> > Chain output (policy ACCEPT):
> > [root at northglenn /root]#
> >
> > Just now I had the same slowdown from the same machine.
> Now I'm wondering
> > if anyone knows why ntop can even see the packets from
> 10.2.10.181, and yet
> > it can as ntop shows.
> >
> > Chip
>
> Turn on logging for the multicast denies and see if it shows up. Maybe
> it isn't really catching it.
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
More information about the LUG
mailing list