[lug] Strange Flooding on Sprint BBD network

Andy Jolley majolley at earthlink.net
Thu Oct 3 23:15:21 MDT 2002


I have the Sprint broadband connection, and now my connection is being
flooded by what shows up (at least in my TCPDUMP) as inbound radius.

I unplug my side of the router, and my Rx light is still solid, so I'm
pretty sure I'm not the one initiating this mess.

Here's a snip of the TCPDUMP; it gets really big, really fast:

22:46:13.277878 211.183.127.124.radius > my.server.name.removed for
security.radius
:  rad-#0 60 [id 0] Attr[  Acct_out_packets Acct_out_packets
Acct_out_packets Ac
ct_out_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct_out_packe
ts Acct_out_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct_out_
packets Acct_out_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct
_out_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct_out_packets
 Acct_out_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct_out_pa
ckets Acct_out_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct_o
ut_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct_out_packets A
cct_out_packets Acct_out_packets Acct_out_packets Acct_out_packets
Acct_out_pack
ets Acct_out_packets A

At first I thought it was some server out there being really talky, but
every time I run tcpdump, it looks like it comes from another host.

Sometimes I get the lines full of Term_action instead of Acct_out_packets.
I've just rebuilt my firewall (stock RH 7.3 - still in process) and I am
having trouble getting the /etc/sysconfig/iptables to work correctly, so
I've just manually pounded in the iptables commands to enable MASQ for
outbound surfing, so there is no real security in place. Could that be it?
I also have Apache 1.3.26 running; could it be related to the worm I've
been reading about?

Thanks
Andy J.



