Re: strange upd traffic (ipchains newbie)
On Thu, Jul 13, 2000 at 05:49:43PM +0200, L. Besselink wrote:
> > on accounting rule is:
> > ipchains -A output -d 193.101.57.0/24 -p udp -j ACCEPT
> >
> > "ipchains -L -v" tells me that there is a lot of traffic.
> > (15M/day!)
That's not wholly surprising. It's not an accounting rule, though - how do you
know what the packets are if you don't log them?
> > But "netstat -u" tells me that there is no connection
That's hardly surprising, as UDP is a connectionless protocol...
> Do you have any broadcasts going around? A lot of them are also UDP; a good
> example is Windows networking (also known as SMB). The larger the network,
> the more broadcasts you'll see, and the more MBs it will generate per day. I'm
> not sure what the frequency is, but it would be something like 1 small packet per
> 60 seconds per machine.
Possibly - although I'm not convinced that once per minute is all that well
configured a machine, myself.
The OP might find ipchains -l and `iptraf' useful for a further break-down of
what port/services are most involved, I think.
~Tim
--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
| So shine on, harvest moon, | http://piglet.is.dreaming.org/
| Cast your might on the ripening corn | piglet@glutinous.custard.org
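
The per-port breakdown suggested in the reply, as an added example that is not part of the original message: it totals logged UDP bytes per destination address and port from the kernel log lines that appear once `-l` is added to the rule. The log lines are constructed samples and assume the "Packet log:" line layout described in the IPCHAINS-HOWTO; the host name `gw`, the source address and the function name are hypothetical.

```python
import re
from collections import Counter

# Constructed sample syslog lines (not real captures), in the layout assumed
# for ipchains -l: chain, target, interface, PROTO, src:port, dst:port, L=len.
SAMPLE_LOG = """\
Jul 13 17:50:01 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 10.0.0.5:137 193.101.57.255:137 L=78 S=0x00 I=4101 F=0x0000 T=64 (#3)
Jul 13 17:50:09 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 10.0.0.5:1031 193.101.57.10:53 L=61 S=0x00 I=4102 F=0x0000 T=64 (#3)
Jul 13 17:51:01 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 10.0.0.5:137 193.101.57.255:137 L=78 S=0x00 I=4110 F=0x0000 T=64 (#3)
Jul 13 17:51:30 gw kernel: Packet log: input ACCEPT eth0 PROTO=17 193.101.57.10:53 10.0.0.5:1031 L=120 S=0x00 I=977 F=0x0000 T=63 (#1)
Jul 13 17:52:01 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 10.0.0.5:137 193.101.57.255:137 L=96 S=0x00 I=4118 F=0x0000 T=64 (#3)
Jul 13 17:52:14 gw kernel: Packet log: output ACCEPT eth0 PROTO=17 10.0.0.5:1032 193.101.57.10:53 L=73 S=0x00 I=4120 F=0x0000 T=64 (#3)
Jul 13 17:52:20 gw sshd[412]: unrelated line that must be skipped
"""

LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+)"
)

def udp_breakdown(log_text, chain="output"):
    """Return (bytes, packets) Counters keyed by (dst address, dst port)
    for UDP packets (IP protocol 17) logged on the given chain."""
    byte_count, pkt_count = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "17" or m["chain"] != chain:
            continue  # not a packet log line, not UDP, or a different chain
        key = (m["dst"], int(m["dport"]))
        byte_count[key] += int(m["length"])  # L= is the packet length in bytes
        pkt_count[key] += 1
    return byte_count, pkt_count

if __name__ == "__main__":
    by_bytes, by_pkts = udp_breakdown(SAMPLE_LOG)
    for (dst, port), total in by_bytes.most_common():
        print(f"{dst}:{port:<5} {by_pkts[(dst, port)]:>4} pkts {total:>6} bytes")
```

Traffic concentrated on a broadcast address and port 137 would support the broadcast explanation given in the thread; a spread across other ports points elsewhere.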