[SLUG] Smoothwall

Chris More chris at staxton.com
Tue Aug 26 12:11:59 BST 2003


On Monday 25 Aug 2003 11:03 pm, Stuart Thomas wrote:
> Hm,
>
> Have a look at your lsof listing, might show some interesting services
> that may connect to your ISDN PPP conf file.
> Is your ISDN a TA or a Modem, and are you running on Linux/Windows/Mac
> ?....
>
> Ta,
> Stu
>
> On Monday, Aug 25, 2003, at 22:56 Europe/London, Stuart Thomas wrote:
> > Do you have a packet capture, either from tcpdump or snort, or tcpflow
> > et al?
> >
> > That would help,
> >
> > Cheers,
> > Stu
> >
> > On Monday, Aug 25, 2003, at 22:38 Europe/London, Jamie Adams wrote:
> >>> I have a problem with mine refusing to drop the (isdn) line since
> >>> all these
> >>> viritic pings started.
> >>
> >> Viritic pings?
> >>
> >> Jamie
> >>

Snort reports "ICMP PING CyberKit 2.2 Windows" about 12-15 times per minute
when connected to btinternet.  I am led to believe this refers to current
worms on the loose being misinterpreted by snort.

My settings are such that the line should drop after 3 mins of inactivity.  
When connected to another isp the ping count is much less and the line gets 
dropped after the 3mins of inactivity. 

> Have a look at your lsof listing, might show some interesting services
> that may connect to your ISDN PPP conf file.

lsof is physically a problem... the machine is hidden away in a cupboard
without monitor or keyboard... it's been so reliable I haven't needed to access
the machine physically for around 2 years.  I have checked all the logs
available from the smoothwall web interface and can't see anything that would
indicate a problem.

> Is your ISDN a TA or a Modem, and are you running on Linux/Windows/Mac
> ?....

It's a TA, (ISDN modem?).  Smoothwall is set up on a rather arthritic
standalone machine that serves our network of various OS machines.

It's not a big problem, but was just wondering if anyone else was suffering 
similar.

Chris




