 From:  Paul Taylor <PaulTaylor at winn dash dixie dot com>
 To:  Adam Gibson <agibson at ptm dot com>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] Continuously DNS Requests
 Date:  Wed, 16 Nov 2005 09:42:51 -0500
What's the matter?  Don't like my Firewall States table?  :)

Yes, I agree that this is a problem where the solution isn't obvious without
a sniffer, but the states table can give you good leads... He might not have
known there was a problem without it.

The states table uses a program that was already in the Monowall image, so
it mostly took the PHP code to call it, parse the result, allow sorting, and
perform the deltas on packets and bytes.

If you can find a command-line based sniffer application that is in the
50-100K range (including all supporting files), Manuel might let it slip
into production, if someone can make a decent interface for it.  Heck, I
might even give it a shot.

Paul


-----Original Message-----
From: Adam Gibson [mailto:agibson at ptm dot com] 
Sent: Wednesday, November 16, 2005 9:26 AM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] Continuously DNS Requests

I noticed the same thing (only looked at 1.2) if you put in DNS servers
that refuse your requests (for instance if you switch ISPs but forget to
change the DNS entries).  If the DNS server refuses the request (sends
refused responses) m0n0wall will constantly keep sending DNS
queries (multiple times a second, non-stop).  This was another scenario
that would not have been noticed without a packet sniffer.  I had to put
another system on the wire to see why m0n0wall was generating all the
traffic (I noticed the activity lights always going).   Yeah... I want a
packet sniffer with m0n0wall :).

dw dot dw dot dw at gmail dot com wrote:
> Hi Folks,
> 
> m0n0wall (v1.2 generic-pc) is continuously sending some packets to my
> ISP's DNS Server. I'm using PPPoE on WAN. The DNS Servers are served
> by my ISP on dialup.
> Since m0n0wall is sending packets every second, it makes me about 17MB
> traffic per day, resulting in 500MB per month.
> 
> Packets are always sent to the DNS Server while WAN is up. No matter
> whether LAN interface is connected or not.
> DNS Forwarder & DHCP Server is on.
> 
> Screenshot from Firewall States Table:
> http://home.arcor.de/tempdir/m0n0wall_dns.png
> 
> If you need some further information just let me know.
> 
> Best Regards,
> David
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 


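Added example, not part of the original thread: a minimal Python check that reads captured UDP port 53 payloads and flags a resolver that is queried several times a second while answering only REFUSED (RCODE 5), the pattern described in the messages above. The function names, the threshold and the sample capture (documentation-range addresses) are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

REFUSED = 5  # DNS RCODE 5 (RFC 1035)

def dns_header(payload):
    """Return (txid, is_response, rcode) from a DNS message's 12-byte header."""
    if len(payload) < 12:
        raise ValueError("short DNS message")
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000), flags & 0x000F

def refused_storms(events, min_per_sec=2):
    """events: (timestamp, src_ip, dst_ip, udp_payload) for UDP port 53 traffic.
    Returns {resolver_ip: peak queries/sec} for resolvers that answered only
    REFUSED while being queried at min_per_sec or faster."""
    per_sec = defaultdict(lambda: defaultdict(int))  # resolver -> second -> queries
    rcodes = defaultdict(set)                        # resolver -> rcodes seen
    for ts, src, dst, payload in events:
        try:
            _, is_resp, rcode = dns_header(payload)
        except ValueError:
            continue  # truncated capture record, skip it
        if is_resp:
            rcodes[src].add(rcode)
        else:
            per_sec[dst][int(ts)] += 1
    out = {}
    for resolver, buckets in per_sec.items():
        peak = max(buckets.values())
        if rcodes[resolver] == {REFUSED} and peak >= min_per_sec:
            out[resolver] = peak
    return out

def _msg(txid, response=False, rcode=0):
    # Constructed sample message: header plus one question (example.com, A, IN)
    flags = (0x8000 if response else 0x0100) | rcode
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + question

def sample_events():
    # Constructed capture: 192.0.2.10 queries 198.51.100.53 four times a second
    # and is refused each time; 203.0.113.53 answers one query normally.
    ev = []
    for i in range(8):
        t = 100 + i * 0.25
        ev.append((t, "192.0.2.10", "198.51.100.53", _msg(i)))
        ev.append((t + 0.01, "198.51.100.53", "192.0.2.10", _msg(i, True, REFUSED)))
    ev.append((100.5, "192.0.2.10", "203.0.113.53", _msg(99)))
    ev.append((100.52, "203.0.113.53", "192.0.2.10", _msg(99, True, 0)))
    return ev

if __name__ == "__main__":
    print(refused_storms(sample_events()))
```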