Just type this on the gateway console
# tcpdump
you must be using a dual homed machine as your gateway
not quite an efficient method BUT
generally helps in finding which PC has a network virus or a trojan....
you'll see the affected machine ip just filling up your screen.
If it's a Windows machine, just download Sygate Personal Firewall (available on download.com, it's freeware) on the affected machine, check the applications that are accessing network resources using SPF, you'll definitely find the trojan....
If it's a GNU/Linux machine then
# ps -el
should list all the running daemons......single out the unknown one
use # pkill daemonName
this is a patch fix, but an immediate solution that I use; the experts in the LUG would definitely give you a long term effective and mature solution.
best of Luck !
bijucyborg
www.getopensource.com
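A small added example (not from the post above) of what "the affected machine ip just filling up your screen" looks like when counted instead of eyeballed: it reads `tcpdump -n` lines, tallies packets per source and the number of distinct destination hosts each source touches, and reports sources that sweep many hosts. The sample capture lines are constructed, and the threshold of 10 hosts is an assumed cut-off.

```python
import re
from collections import defaultdict

# Matches the "src.port > dst.port:" field of `tcpdump -n` output, with or
# without the "IP" keyword that newer tcpdump versions print.
_PKT = re.compile(
    r"^\S+\s+(?:IP\s+)?(\d{1,3}(?:\.\d{1,3}){3})\.(\d+)\s+>\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3})\.(\d+):"
)

def summarize_talkers(lines):
    """Per source IP: packets sent, distinct destination hosts, distinct destination ports."""
    stats = defaultdict(lambda: {"packets": 0, "dst_hosts": set(), "dst_ports": set()})
    for line in lines:
        m = _PKT.match(line)
        if not m:  # ARP, non-IP or truncated lines are ignored
            continue
        src, _sport, dst, dport = m.groups()
        s = stats[src]
        s["packets"] += 1
        s["dst_hosts"].add(dst)
        s["dst_ports"].add(int(dport))
    return stats

def suspicious_sources(stats, min_hosts=10):
    """Sources hitting many distinct hosts: the scanning pattern a worm or trojan shows."""
    return sorted(src for src, s in stats.items() if len(s["dst_hosts"]) >= min_hosts)

# Constructed sample: 192.168.1.7 sweeping port 135 across 40 hosts, plus normal traffic.
SAMPLE = [
    f"10:00:0{i % 10}.000000 IP 192.168.1.7.1{i:03d} > 10.0.0.{i}.135: Flags [S], seq 1, win 16384, length 0"
    for i in range(1, 41)
] + [
    "10:00:05.000001 IP 192.168.1.3.1025 > 10.0.0.1.80: Flags [P.], seq 1:200, ack 1, win 16384, length 199",
    "10:00:05.000002 IP 10.0.0.1.80 > 192.168.1.3.1025: Flags [.], ack 200, win 65535, length 0",
    "10:00:05.000003 arp who-has 192.168.1.1 tell 192.168.1.3",
]

if __name__ == "__main__":
    stats = summarize_talkers(SAMPLE)
    for src in suspicious_sources(stats):
        s = stats[src]
        print(f"{src}: {s['packets']} pkts to {len(s['dst_hosts'])} hosts, ports {sorted(s['dst_ports'])}")
```

On a real gateway, pipe `tcpdump -n -l` into the script's stdin instead of using the constructed sample.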
Hi,
I'm at my wits' end and need pointers to debug a net connection through a proxy.
Setup: Everything is standard. Two network cards, one for the DSL ethernet router and one for the local network. See [1] for the routing table output.
Squid is running and ipchains (still using ipchains with a 2.4 kernel) is doing masquerading. For debugging purposes I have opened up all the ports and have forwarded all basic protocols. See [2] for ipchains -L -n.
Problem: All sites are accessible at port 80 other than the following sites: rbi.org.in samachar.com sify.com nsdl.co.in (traceroute case: but the site works with wget and browser)
What all has been tried:
1. Removed squid.
2. Removed ipchains, massaged ipchains rules with a couple of options.
3. Done direct dialing using a modem from two different machines.
4. Used two different ISPs to connect.
6. Almost all permutations and combinations of squid, IPCHAINS and service provider.
5. Checked traceroutes: This part is something I'm not able to understand. Assuming a default ttl of 30 for a tcp connection, I tried tracerouting nsdl.co.in (which works) and sify.com (which does not work), but traceroute does not reach the destination IPs even with ttl = 255 (max hops).
In the case of nsdl.co.in traceroute does not reach its IP but gets the index.html with wget, while with sify.com wget times out or never returns and at times I get connection refused messages.
Question: 1. Might some router be misbehaving in the path? If yes, how to discover it, as traceroute -n also does not print IPs after a certain limit. If a ttl of 255 is causing a problem then why does nsdl.co.in work and not the other sites?
2. Same setup works in Bombay with Tatatele cable connection.
2. What next thing to check or do?
Please any pointers, what am I missing?
-Krishna
[1] routing -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0   0   eth0
202.162.224.0   172.16.200.1    255.255.255.0   UG    0      0   0   eth1
210.210.19.0    172.16.200.1    255.255.255.0   UG    0      0   0   eth1
172.16.0.0      0.0.0.0         255.255.0.0     U     0      0   0   eth1
0.0.0.0         172.16.200.1    0.0.0.0         UG    0      0   0   eth1
(192.168.1.* is the local network)
[2] ipchains -L
Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target  prot opt    source          destination     ports
MASQ    tcp  ------ 192.168.1.0/24  0.0.0.0/0       * -> *
MASQ    udp  ------ 192.168.1.0/24  0.0.0.0/0       * -> *
MASQ    icmp ------ 192.168.1.0/24  0.0.0.0/0       * -> *
Chain output (policy ACCEPT):
Morning Krishna,
Question:
- Might some router be misbehaving in the path? If yes, how
to discover it, as traceroute -n also does not print IPs after a certain limit. If a ttl of 255 is causing a problem then why does nsdl.co.in work and not the other sites?
[snip]
Some of the routers configured are ****** up while the rest are plain ol sweeties.
- Same setup works in Bombay with Tatatele cable connection.
[snip]
great.
- What next thing to check or do?
[snip]
Use a laptop/desktop with a dialup connection and let us know if there is a replication of the problem.
Please any pointers, what am I missing?
[snip]
Internal/external DNS???. Are they working perfecto..???.
Trevor