[ previous ] [ next ] [ threads ]
 From:  Travis Dixon <travisd at tubas dot net>
 To:  Hynek Cihlar <hynek dot cihlar at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How to limit max. number of NAT translation (sessions) on m0n0wall to single IP on LAN side
 Date:  Tue, 9 Nov 2004 18:15:00 -0500 (EST)
On Wed, 10 Nov 2004, Hynek Cihlar wrote:

> Yes, we've tried the new beta, but with the same problem.
> But you are right, there is too many connections from the LAN side.
> When we allow only the basic web services rejecting connections with
> nonstandard destination ports, the problem wanishes, everything is
> fine.
> However I don't think that this is the right solution to this. There
> must be a more systematic approach.
> Can anyone help with this one?

You probably have machines infected with the windows Worm-du-jour. These will
generally cause so many connection that even commercial firewalls get overwhelmed.

You should probably set up a machine with something like ethereal on the LAN side
and look for the offending machines.