[SLUG] Smoothwall
Stuart Thomas
stuartthomas at clara.co.uk
Wed Aug 27 15:48:01 BST 2003
Indeed MODEM eh, digital line, analogue to digital converstion, hm me
using marketing
terminology to describe an external TA. Hehe.
On Tuesday, Aug 26, 2003, at 12:15 Europe/London, Chris More wrote:
> On Monday 25 Aug 2003 11:03 pm, Stuart Thomas wrote:
>> Hm,
>>
>> Have a look at your lsof listing, might show some interesting services
>> that may connect to you ISDN PPP conf file.
>> Is your ISDN a TA or a Modem, and are you running on Linux/Windows/Mac
>> ?....
>>
>> Ta,
>> Stu
>>
>> On Monday, Aug 25, 2003, at 22:56 Europe/London, Stuart Thomas wrote:
>>> Do you have a packet capture, either from tcpdump or snort, or
>>> tcpflow
>>> et al?
>>>
>>> That would help,
>>>
>>> Cheers,
>>> Stu
>>>
>>> On Monday, Aug 25, 2003, at 22:38 Europe/London, Jamie Adams wrote:
>>>>> I have a problem with mine refusing to drop the (isdn) line since
>>>>> all these
>>>>> viritic pings started.
>>>>
>>>> Viritic pings?
>>>>
>>>> Jamie
>>>>
>
> Snort reports "ICMP PING CyberKit 2.2 Windows" about 12-15 times per
> minute
> when connected to btinternet. I am lead to belive this refers to
> current
> worms on the loose being misinterpreted by snort.
>
> My settings are such that the line should drop after 3 mins of
> inactivity.
> When connected to another isp the ping count is much less and the line
> gets
> dropped after the 3mins of inactivity.
>
>> Have a look at your lsof listing, might show some interesting services
>> that may connect to you ISDN PPP conf file.
>
> lsof is physically a problem... the machine is hidden away in a
> cupboard
> without monitor or keyboard... it's been so reliable I haven't need to
> access
> the machine physically for around 2 years. I have checked all the logs
> available from the smoothwall web interface and can't see anything
> that would
> indicate a problem.
>
>> Is your ISDN a TA or a Modem, and are you running on Linux/Windows/Mac
>> ?....
>
> Its a TA, (ISDN modem?). Smoothwall is set up on a rather arthritic
> stand
> alone machine that serves our network of various OS machines.
>
> It's not a big problem, but was just wondering if anyone else was
> suffering
> similar.
>
> Chris
>
>
>
>
>
--
Stu Thomas
Freelance Information Security Specialist
+44 (0) 7957 621042
http://www.caughtbythe.net
More information about the Scarborough
mailing list