How to stop the flood?

Dwayne Hottinger dhottinger at harrisonburg.k12.va.us
Fri Apr 29 00:04:52 CEST 2005


If that was the case, you should be able to find the culprits via a sniffer.  I
would watch for large amounts of ICMP traffic and trace it back to the user.
Do you also supply DHCP and DNS to your subnets?  If so you can glean through
the logs of each and get a W/S to IP name.  Shouldn't take much of a sniff to
get the culprits.  Most of the time DOS attacks are done unknowingly by users.
Usually try to head that off by ensuring patches and virus software are up to
date.  Although that isn't always foolproof.  If Windows machines exist (and we
all have to live with them) then these things will be issues.

ddh


Quoting wkc <wkc at tarapine.co.nz>:

> R. DuFresne wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Definitely, as others have hinted, not everything is a technical/firewall
> > issue.  Block the network access and let the user explain to their
> > manager why they are not able to complete their work.  If this is
> > consumer access, then you don't need their monies, send them on their
> > merry way of finding another ISP to abuse.
> >
> > Thanks,
> >
>
> Is there the possibility the users may not know they are causing a
> problem? Perhaps a virus or worm has arrived on their computer.
> You could try blocking access, see who complains and then have a chat to
> them.
> Just my 2 cents worth.
>
> --
> Keith Clethero
>
>
>
> System Administrator
> Taranaki Sawmills Ltd.
> Ph 06 7559000 x 816
>


--
Dwayne Hottinger
Network Administrator
Harrisonburg City Public Schools
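
The approach suggested in the reply above (watch for heavy ICMP senders, then use DHCP logs to name the workstation) can be sketched as follows. This is an added example, not part of the original message; it assumes `tcpdump -n -tt icmp` text output and an ISC dhcpd.leases file, and all addresses, MACs, hostnames and the 50 packets-per-second threshold are constructed.

```python
import re
from collections import Counter

# Constructed ISC dhcpd.leases excerpt (addresses, MACs and names are made up).
LEASES = """\
lease 10.1.2.37 {
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "lab-pc-07";
}
lease 10.1.2.50 {
  hardware ethernet 00:11:22:33:44:66;
  client-hostname "office-pc-02";
}
"""

ICMP_RE = re.compile(r"^(\d+\.\d+) IP (\d+(?:\.\d+){3}) > \S+ ICMP .*length (\d+)$", re.M)
LEASE_RE = re.compile(r"lease (\S+) \{(.*?)\}", re.S)

def sample_capture():
    """Constructed `tcpdump -n -tt icmp` lines: one flooding host, one normal host."""
    base = 1114725892
    flood = [f"{base + i / 100:.2f} IP 10.1.2.37 > 192.0.2.10: ICMP echo request, "
             f"id 512, seq {i}, length 1480" for i in range(200)]
    ping = [f"{base + i:.2f} IP 10.1.2.50 > 10.1.2.1: ICMP echo request, "
            f"id 7, seq {i}, length 64" for i in range(2)]
    return "\n".join(flood + ping)

def load_leases(text):
    """Map IP -> (hostname, MAC); a later lease entry for an IP replaces an earlier one."""
    leases = {}
    for ip, body in LEASE_RE.findall(text):
        mac = re.search(r"hardware ethernet ([0-9a-f:]+);", body)
        host = re.search(r'client-hostname "([^"]*)";', body)
        leases[ip] = (host.group(1) if host else "unknown",
                      mac.group(1) if mac else "unknown")
    return leases

def suspects(capture, leases_text, min_pps):
    """Return (ip, hostname, mac, pps, bytes) for sources at or above min_pps."""
    rows = [(float(t), src, int(n)) for t, src, n in ICMP_RE.findall(capture)]
    if not rows:
        return []
    # Rate is averaged over the whole capture window; guard against a zero-length window.
    window = (max(r[0] for r in rows) - min(r[0] for r in rows)) or 1.0
    pkts, size = Counter(), Counter()
    for _, src, n in rows:
        pkts[src] += 1
        size[src] += n
    leases = load_leases(leases_text)
    return [(src, *leases.get(src, ("unknown", "unknown")), round(c / window, 1), size[src])
            for src, c in pkts.most_common() if c / window >= min_pps]

if __name__ == "__main__":
    for row in suspects(sample_capture(), LEASES, min_pps=50):
        print(row)
```

A source that appears in the capture but has no lease entry is reported with "unknown" for hostname and MAC, which is itself worth following up (static address or spoofed source).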


