RE: Seeing hundreds of inbound broadcast
Thanks! I actually run Snort as IDS with the ACID front end. I hadn't really thought
about it.. I'll read the SANS stuff and generally STFW some more. Thanks for the
tip!
- Joe
>>> "Lusk, Dylan" <dlusk@...> 05/30/02 05:27PM >>>
Snort on a Linux machine and the appropriate physical layer card (i.e.
Sangoma T-1 cards monitoring @ the Smartjack, SBE T3 cards & port mirroring
from a T3 router port, or Gig-E cards and an optical tap between router &
upstream connection).
There are some really good white papers on SANS to set this up.
-----Original Message-----
From: Joe Pampel [mailto:joe@...]
Sent: Thursday, May 30, 2002 4:29 PM
To: isp-routing@isp-routing.com
Subject: Re: Seeing hundreds of inbound broadcast
At the risk of asking a stupid question, how can you tell where they are
coming from? Do you just make a temp logging ACL entry and slog through
that or? I have been trying to figure out how to tell what is causing our
traffic, where it's going to and from.. and short of using TCPdump to
sniff everything all the time and then doing some kind of sort on it, how
can you really know? cflowd? netflow?
What's an affordable solution for a smaller shop?
Any pointers welcome!
>>> jmartin <jmartin@...> 05/30/02 02:06PM >>>
What networks/subnets are they coming from? They should only be directed
broadcasts. It's probably just some clowns trying to scan your network.
----- Original Message -----
From: "Ross Cornett" <tech@...>
To: <isp-routing@isp-routing.com>
Sent: Thursday, May 30, 2002 7:09 AM
Subject: Seeing hundreds of inbound broadcast
> Can anyone suggest to me why I would be seeing incoming broadcast on my T1
> connections from my backbone provider. AT&T is my provider and they are not
> seeing broadcasts leaving their network to get to mine. But every interface
> I have from them is racking them up continually.
>
> Received 3179206 broadcasts
> Received 3213403 broadcasts
> Received 2154312 broadcasts
>
> These are all of my inbound interfaces and look at what I am getting... Since
> my last counters reset. Which was maybe a week ago.
>
> I guess my next question is am I losing bandwidth due to this. Any help
> would be greatly appreciated.
>
> Thank you
>
> Ross C
>
>
>
>
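Added example, not part of the original thread: one way to do the "tcpdump, then sort" approach raised above, tallying which sources send to broadcast addresses from saved `tcpdump -nn` text. The prefixes and capture lines are constructed (documentation address ranges), and the function names are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the prefixes routed to your site (documentation ranges here).
LOCAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24"),
                  ipaddress.ip_network("192.0.2.0/26")]
# Matches the one-line IPv4 summary printed by `tcpdump -nn`.
LINE_RE = re.compile(r"^\S+ IP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > "
                     r"(\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?: ")
# Constructed sample capture, not real traffic.
SAMPLE = """\
14:02:11.100001 IP 203.0.113.7.40112 > 198.51.100.255.7: UDP, length 64
14:02:11.100950 IP 203.0.113.7.40113 > 198.51.100.255.7: UDP, length 64
14:02:11.204410 IP 203.0.113.9 > 198.51.100.255: ICMP echo request, id 1, seq 1, length 64
14:02:11.300120 IP 203.0.113.7.40114 > 192.0.2.63.19: UDP, length 64
14:02:11.412345 IP 203.0.113.20.51515 > 198.51.100.25.25: Flags [S], seq 1, win 512, length 0
14:02:11.500000 ARP, Request who-has 198.51.100.1 tell 198.51.100.2, length 28
""".splitlines()

def is_broadcast(dst, prefixes=LOCAL_PREFIXES):
    """True for limited broadcast or a local prefix's directed broadcast."""
    addr = ipaddress.ip_address(dst)
    if addr == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(addr == net.broadcast_address for net in prefixes)

def tally(lines, prefixes=LOCAL_PREFIXES):
    """Count broadcast-destined packets per source and per (dst, port)."""
    by_src, by_target, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # ARP, IPv6, hex-dump continuation lines, ...
            continue
        src, _sport, dst, dport = m.groups()
        if is_broadcast(dst, prefixes):
            by_src[src] += 1
            by_target[(dst, dport or "-")] += 1
    return by_src, by_target, skipped

if __name__ == "__main__":
    by_src, by_target, skipped = tally(SAMPLE)
    for src, n in by_src.most_common(10):
        print(f"{n:8d}  {src}")
    for (dst, port), n in by_target.most_common(10):
        print(f"{n:8d}  {dst} port {port}")
```

Packets whose destination is an ordinary host address are parsed but not counted, so the totals reflect only broadcast-destined traffic.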