From owner-freebsd-questions  Fri May  3 19:59:31 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from icarus.slightlystrange.org (icarus.slightlystrange.org [62.190.193.173])
	by hub.freebsd.org (Postfix) with ESMTP id 61DC837B416
	for <freebsd-questions@freebsd.org>; Fri,  3 May 2002 19:59:26 -0700 (PDT)
Received: from danielby by icarus.slightlystrange.org with local (Exim 3.12 #1 (Debian))
	id 173pld-0001XH-00
	for <freebsd-questions@FreeBSD.ORG>; Sat, 04 May 2002 03:59:25 +0100
Date: Sat, 4 May 2002 03:59:25 +0100
From: Daniel Bye <dan@slightlystrange.org>
To: freebsd-questions@FreeBSD.ORG
Subject: Re: Ping of death?
Message-ID: <20020504025925.GB5805@icarus.slightlystrange.org>
Reply-To: dan@slightlystrange.org
Mail-Followup-To: freebsd-questions@FreeBSD.ORG
References: <Pine.GSO.4.44L0.0205031752280.8080-100000@shell.core.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.44L0.0205031752280.8080-100000@shell.core.com>
User-Agent: Mutt/1.3.27i
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Fri, May 03, 2002 at 05:58:20PM -0500, Steven Lake wrote:
> 	I've got one box that's got absolutely horrible access speed to
> the net but it's on a T1 line and no other machine is sharing the line.
> Telco has tested the line and sees nothing wrong but were unable to do a
> bandwidth or data test to see if it's just traffic or not.
> 
> 	The line should be pushing the full 1.544mbps, but I'm barely able
> to scrape 30k out of it.  Any machine that connects to it goes through the
> roof on the processor useage and dogs out.  So I'm suspect of a possible
> ping of death, but I wanted to rule out the local equipment first.  But
> since anything connecting to it to test this is gagged it's impossible to
> do any tests.
> 
> 	Does anyone have a way to monitor incoming traffic to find out if
> you're being hit with a dos attack or should I ring telco again and have
> them do a test on the T1 line to find the source?

Check out iplog in /usr/ports/net.  tcpdump *may* be useful too.

Dan

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message