[Firestarter-user] ARP DoS??
Brought to you by:
majix
Menu
▾
▴
[Firestarter-user] ARP DoS??
|
From: Darkman <da...@cl...> - 2004-04-27 02:46:18
|
in the past 2 days I have had somethign weird happening, and am = wondering if its a DoS on my server. it has caused mail to not be = delivered,a dn DNS not to work and any connection to the Inet has halted = completely. the only way to restore service is to reboot the server and = all is fine, except int he past two days it starts up again after a = wihle. the first thign I notice, is lack of email, then I look at my = switch lights, and see the light for the external NIC, on the switch is = flashing insanely. no other lights are doing this. only the light ont he = switch that leads to the external NIC card which is managed by = firestarter. I have sbc dsl which comes in thru their modem, then into a switcha nd = is broken up to go to different servers, then one of them goes to my = firestarter box, and that in turn goes out to an internal switch via a = second nic. so the box is multi homed. once I reboot the machine all is = fine, then it will start up again at any time. I am not seeing anythign = logged my firestarter, nor do I see anything by tail-f /var/log/messages but when I run ethereal I do see some things. I see arp requests. namely = they say they are coming from the external NIC on the firestarter = machien to the broadcast number(?), it says broadcast int he interface, = and it is asking who is 66.122.250.xxx. it also asks about one other = address, the first address is an IP address in the subnet assigned to = me, I have 5 IPS that they gave me, and the one that its asking about, = is one of mine, but its not in use......which is why I think its a DoS, = because who would be needing to know who that IP address is, especially = my own machine? what can I do short of rebooting frequently or = reassigning the IP address ont he machine to one of my other IP = addresses? |