 From:  Eric Collins <eric at tawifi dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] How to limit max. number of NAT translation (sessions) on m0n0wall to single IP on LAN side
 Date:  Tue, 09 Nov 2004 16:33:11 -0700
I have seen this before! It turned out to be that Nachi virus; it took down 
our whole local net! (including a Cisco PIX firewall).
Try Ethereal like Travis suggested.

Travis Dixon wrote:

>On Wed, 10 Nov 2004, Hynek Cihlar wrote:
>
>>Yes, we've tried the new beta, but with the same problem.
>>
>>But you are right, there are too many connections from the LAN side.
>>When we allow only the basic web services, rejecting connections with
>>nonstandard destination ports, the problem vanishes, everything is
>>fine.
>>
>>However I don't think that this is the right solution to this. There
>>must be a more systematic approach.
>>
>>Can anyone help with this one?
>>
>
>You probably have machines infected with the Windows Worm-du-jour. These will
>generally cause so many connections that even commercial firewalls get overwhelmed.
>
>You should probably set up a machine with something like Ethereal on the LAN side
>and look for the offending machines.

-- 
Eric Collins
Sr Network Administrator
Tawifi.com

Downtown Tucson WiFi Network
http://www.tawifi.com
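
Added example, not part of the original thread and not m0n0wall or Ethereal code: one way to do the "look for the offending machines" step offline, by ranking LAN hosts by how many distinct flows (each roughly one NAT state entry) they start. It assumes `tcpdump -nn` style text lines captured on the LAN side; the function names, LAN prefix, threshold and sample traffic are all constructed for illustration.

```python
import re
from collections import defaultdict

# One `tcpdump -nn` text line: "<time> IP <src>[.<sport>] > <dst>[.<dport>]: <rest>"
LINE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > "
                  r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: (.*)$")

def flows_per_host(lines, lan_prefix):
    """Map each LAN source IP to the distinct flows it started."""
    # Only TCP SYNs and ICMP are counted; UDP is ignored in this example.
    flows = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        src, sport, dst, dport, rest = m.groups()
        if not src.startswith(lan_prefix):
            continue  # replies from outside are not new LAN-side sessions
        if rest.startswith("ICMP"):
            flows[src].add(("icmp", dst))
        elif "Flags [S]" in rest:  # bare SYN; "[S.]" is a SYN-ACK reply
            flows[src].add(("tcp", sport, dst, dport))
    return flows

def suspects(lines, lan_prefix="192.168.1.", threshold=20):
    """Return (host, flow_count) pairs above threshold, busiest first."""
    counts = {h: len(f) for h, f in flows_per_host(lines, lan_prefix).items()}
    return sorted(((h, n) for h, n in counts.items() if n > threshold),
                  key=lambda pair: -pair[1])

def sample_capture():
    """Constructed capture: .23 probes 40 addresses, .10 browses normally."""
    out = []
    for i in range(1, 41):
        out.append(f"16:33:11.{i:06d} IP 192.168.1.23 > 10.4.7.{i}: "
                   f"ICMP echo request, id 512, seq {i}, length 40")
        out.append(f"16:33:12.{i:06d} IP 192.168.1.23.{1024 + i} > 10.4.7.{i}.135: "
                   f"Flags [S], seq 1, win 64240, length 0")
    for p in (3001, 3002, 3003):
        out.append(f"16:33:13.000000 IP 192.168.1.10.{p} > 198.51.100.7.80: "
                   f"Flags [S], seq 1, win 65535, length 0")
        out.append(f"16:33:13.000100 IP 198.51.100.7.80 > 192.168.1.10.{p}: "
                   f"Flags [S.], seq 9, ack 2, win 65535, length 0")
    return out

if __name__ == "__main__":
    for host, n in suspects(sample_capture()):
        print(f"{host}: {n} distinct flows")
```

Hosts that stay near the top of this list across several captures are the ones to pull off the LAN and inspect first.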