 From:  Chomski <chomski at chaosgate dot waw dot pl>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  traffic from m0n0wall seen on all switch ports
 Date:  Thu, 22 Feb 2007 19:17:06 +0100
Hi,

I'm running m0n0wall in a CD+FDD configuration. m0n0wall is connected to 
a cable modem via an ethernet adapter; the second adapter is connected to 
the LAN via two switches (they are working in uplink mode). A few days ago 
I noticed heavy traffic on a switch port connected to a turned-off computer. 
I checked the network with ethereal and saw lots of ACKs and some pop3 
sessions (but not traffic related to torrent) between the router and one of 
the workstations (win xp sp2). Ethereal was running on a FreeBSD machine 
on yet another port (besides those I normally use). AFAIK, according to 
the IPs, those packets shouldn't be seen by every machine on the network. I 
tried switching off the switches to clean their ARP caches, rebooting 
m0n0wall and the workstations, and the problem still persists. Is it m0n0wall 
related, or should I suspect a security breach in my network?

Chomski