 From:  "C. Falconer" <cfalconer at avonside dot school dot nz>
 To:  eric at tawifi dot com, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] How to limit max. number of NAT translation (sessions) on m0n0wall to single IP on LAN side
 Date:  Wed, 10 Nov 2004 13:18:42 +1300
Yeah - I just had a similar problem....  Some brilliant person found a plug
on the floor, and an empty Ethernet socket above.  So they plug the plug
into the socket, forming a loop.

Now any decent switch should notice routing loops and partition one or the
other ports off until human help can fix it.  Not the cheap crap we have
here.

Needless to say, loops in your Ethernet are bad, and could cause this same
behaviour.


-----Original Message-----
From: Eric Collins [mailto:eric at tawifi dot com] 
Sent: Wednesday, 10 November 2004 12:33 p.m.
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] How to limit max. number of NAT translation
(sessions) on m0n0wall to single IP on LAN side


I have seen this before! It turned out to be that Nachi virus, took down 
our local whole net! (including a Cisco PIX firewall).
Try Ethereal like Travis suggested.

Travis Dixon wrote:

>On Wed, 10 Nov 2004, Hynek Cihlar wrote:
>
>>Yes, we've tried the new beta, but with the same problem.
>>
>>But you are right, there are too many connections from the LAN side. 
>>When we allow only the basic web services rejecting connections with 
>>nonstandard destination ports, the problem vanishes, everything is 
>>fine.
>>
>>However I don't think that this is the right solution to this. There 
>>must be a more systematic approach.
>>
>>Can anyone help with this one?
>>
>
>You probably have machines infected with the Windows Worm-du-jour. 
>These will generally cause so many connections that even commercial 
>firewalls get overwhelmed.
>
>You should probably set up a machine with something like Ethereal on 
>the LAN side and look for the offending machines.
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

-- 
Eric Collins
Sr Network Administrator
Tawifi.com

Downtown Tucson WiFi Network
http://www.tawifi.com
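
Added example, not part of the original thread or of m0n0wall: one way to pick the offending LAN machines out of a capture, by counting new-connection attempts and distinct targets per source address. It assumes text output in the format `tcpdump -nn` prints; the addresses, ports, LAN range and threshold are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Matches a bare SYN (new connection attempt) in `tcpdump -nn` text output.
# "[S.]" (SYN-ACK replies) deliberately does not match.
SYN = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): Flags \[S\]")

def sample_capture():
    """Constructed lines, not real traffic: one sweeping host, one normal host."""
    fmt = "13:18:42.{:06d} IP {}.{} > {}.{}: Flags [{}], seq 1, win 64240, length 0"
    lines = []
    for i in range(1, 41):   # .23 tries 40 different addresses
        lines.append(fmt.format(i, "192.168.1.23", 1024 + i, f"10.9.{i}.7", 135, "S"))
    for i in range(3):       # .10 browses one web server and gets SYN-ACKs back
        lines.append(fmt.format(100 + i, "192.168.1.10", 2000 + i, "10.0.0.80", 80, "S"))
        lines.append(fmt.format(200 + i, "10.0.0.80", 80, "192.168.1.10", 2000 + i, "S."))
    return lines

def noisy_hosts(lines, lan="192.168.1.0/24", min_targets=20):
    """Return [(src_ip, syn_count, distinct_targets)] for LAN hosts that opened
    connections to at least `min_targets` distinct (address, port) pairs."""
    net = ipaddress.ip_network(lan)
    syns = defaultdict(int)
    targets = defaultdict(set)
    for line in lines:
        m = SYN.search(line)
        if not m:
            continue
        src, _sport, dst, dport = m.groups()
        if ipaddress.ip_address(src) not in net:
            continue  # only LAN-side sources consume NAT state on the firewall
        syns[src] += 1
        targets[src].add((dst, int(dport)))
    rows = [(s, syns[s], len(t)) for s, t in targets.items() if len(t) >= min_targets]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    for src, n_syn, n_dst in noisy_hosts(sample_capture()):
        print(f"{src}: {n_syn} SYNs to {n_dst} distinct targets")
```

A host that reaches many distinct targets in a short capture window is the one to pull off the network and inspect; the threshold needs tuning to the capture length and to what normal clients on the LAN do.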


