Re: How do I snoop unauthorised traffic



Peter Lowrie wrote:
> One of the Windows 2000 boxes is sending data out of the network to some host
> on the internet. My gateway is Mandrake Linux 8.2 running straight
> iptables. I've tried tcpdump against the internet facing NIC but the data
> are inconclusive.
>
> How do I determine what traffic is leaving the network and determine what
> host it is being sent to, then what string do I use in
> the /etc/sysconfig/iptables file to block it?

Windows is pretty talkative out-of-the-box. You probably want
to disable the ports 135 to 193 and 445 for both TCP and UDP.

--

Tauno Voipio
tauno voipio (at) iki fi
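
An added example, not part of either post: FORWARD rules in iptables-save syntax that log and then drop the ports named in the reply, plus a summary of the resulting kernel log lines showing which inside host talks to which outside host. The interface name `eth1`, the log prefix `WINOUT: ` and the sample log lines are assumptions constructed for the example.

```shell
#!/bin/sh
LAN_IF="eth1"       # assumption: LAN-facing interface of the gateway
PREFIX="WINOUT: "   # assumption: log prefix chosen for this example

# Print FORWARD rules (iptables-save syntax, for the *filter section of
# /etc/sysconfig/iptables) that log, then drop, the ports named in the reply.
emit_rules() {
    for proto in tcp udp; do
        for ports in 135:193 445; do
            printf '%s\n' \
                "-A FORWARD -i $LAN_IF -p $proto --dport $ports -j LOG --log-prefix \"$PREFIX\"" \
                "-A FORWARD -i $LAN_IF -p $proto --dport $ports -j DROP"
        done
    done
}

# Read kernel log lines on stdin and count the logged packets per
# "source -> destination PROTO/port", busiest first.
summarise() {
    awk -v p="$PREFIX" 'index($0, p) {
        src = dst = proto = dpt = "?"
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC") src = kv[2]
            else if (kv[1] == "DST") dst = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT") dpt = kv[2]
        }
        n[src " -> " dst " " proto "/" dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample log lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Mar  1 10:00:01 gw kernel: WINOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=48 TTL=127 ID=4101 DF PROTO=TCP SPT=1045 DPT=445 WINDOW=16384 SYN URGP=0
Mar  1 10:00:04 gw kernel: WINOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.7 LEN=48 TTL=127 ID=4102 DF PROTO=TCP SPT=1046 DPT=445 WINDOW=16384 SYN URGP=0
Mar  1 10:00:09 gw kernel: WINOUT: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.9 LEN=78 TTL=127 ID=4103 PROTO=UDP SPT=137 DPT=137 LEN=58
Mar  1 10:00:10 gw sshd[412]: unrelated line without the log prefix
EOF
}

emit_rules
sample_log | summarise
```

The emitted lines only take effect if they sit ahead of any FORWARD rule that would already accept the packet, since iptables stops at the first matching ACCEPT or DROP.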