[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: diald

To: luci-discuss@luci.org
Subject: Re: diald
From: Tim Grossner <tg@wintermute.cityscape.net>
Date: Tue, 11 Jul 2000 19:58:42 -0500 (CDT)
In-Reply-To: <Pine.LNX.3.96.1000711185939.27057A-100000@mtvernon1.accessus.net>
Organization: Linux Users of Central Illinois
Reply-To: luci-discuss@luci.org
Sender: owner-luci-discuss@luci.org

The system / Network you are connection to is running OSPF. I would
contact them and let them know, since they really shouldnt be sending you
OSPF updates. If not done correctly from their side, it sould be a serious
security / DOS risk.



Tim Grossner
Field Operations Manager        CCNA, MCP, A+
Southwestern Bell Datacom
voice - 217-747-7310
pager - 800-681-4943
cell - 217-971-0506
data - tg@cityscape.net


On Tue, 11 Jul 2000, Alan Wilson wrote:

> 
> Thanks for the tip.  I found the packets that were keeping the diald
> connection open.  About every 3 or 4 seconds (with no traffic passing through)
> I get something like
> 18:49:41.343057 204.248.89.2 > 224.0.0.5: OSPF v2-hello 44: rtrid 208.4.41.173
> backbone [tos 0xc0] [ttl1]
> 
> Not quite sure what it means.  The 18:49:41 seems to be the time.
> The 343057 changes from packet to packet in a seemingly random manner
> (sequence number?). The 204.248.82.2 is the Remote address reported at login.
> When I attempt to ping 224.0.0.5, I get a reply from 204.248.89.2 (the Remote
> address). When I tried to telnet to 208.4.41.173, I received a "WElcome to
> Accessus Mt. Vernon Pop#1" and a login prompt.
> 
> The ospf suggests that it is a routing protocol.
> 
> 
> I don't know why I babled all that much.  I guess what I am asking is what
> goes in the filter to prevent these packets from keeping the diald connection
> open?
> 
> Thanks
> 
> 
> 
> 
> On Sun, 9 Jul 2000, Jeff Licquia wrote:
> 
> > On Sun, Jul 09, 2000 at 05:23:51PM -0500, Alan Wilson wrote:
> > > 
> > > I have an older machine that I wanted IP masquerading and diald configured on.
> > > (RH5.1 2.0.34 kernel).  I got the IP masquerading working.  finally got diald
> > > to dial.  Problem: diald will not hang up.  I have played with the
> > > configuration files quite a bit; nothing obvious. My only suspect is the if I
> > > run ifconfig a couple of time, it appears that ppp0 is receiving a packet
> > > every 5 seconds or so.  Since I don't think I am causing this to happen, it
> > > appears that my ISP is sending the packet.  The phone.filter file seemed to
> > > have some filters which I thought would cause the timers to ignore such
> > > packets.  (oh, using diald16-o.16.5a-2.i386.rpm; the new one wanted libc.so.6
> > > which isn't on this computer)
> > > 
> > > Does anyone have any suggestions to make diald work -- that is hang up after a
> > > reasonable time?
> > 
> > You'll probably need to identify the packet and configure diald to
> > ignore it.
> > 
> > The best tool for identifying the packet is tcpdump, which should be
> > on the Red Hat CD.  You'll want to run it with a command line
> > something like:
> > 
> > tcpdump -ni ppp0
> > 
> > (so you don't pick up Ethernet traffic, and you don't create name
> > lookup traffic for every packet)
> > 
> > This will tell you the source and destination ports and IP addresses,
> > and whether the traffic is being initiated or received by you.  Don't
> > be surprised to find that you're generating the traffic - lots of
> > protocols, most notably any Microsoft protocols, can be quite chatty.
> > Also make sure that none of the traffic isn't a security risk and
> > shouldn't be permanently disabled; you can use other tools (such as
> > lsof) to determine what process on your system is generating/receiving
> > the traffic in this case.
> > 
> > Assuming none of the traffic poses a security risk, you'll then need
> > to tell diald to ignore the traffic.  Pick a suitable place in your
> > standard.filter file and add lines something like this:
> > 
> > ignore tcp tcp.source=tcp.31337
> > ignore udp udp.dest=udp.31337
> > 
> > These are just examples.  Put in the port numbers and so on you're
> > concerned about, and make sure the underlying protocol matches too
> > (tcp/udp).  Remember that standard.filter is evaluated in a
> > short-circuit manner, so the order of "ignore" and "accept" statements
> > counts.
> > 
> > -
> > To unsubscribe, send email to majordomo@luci.org with
> > "unsubscribe luci-discuss" in the body.
> > 
> 
> -
> To unsubscribe, send email to majordomo@luci.org with
> "unsubscribe luci-discuss" in the body.
> 

-
To unsubscribe, send email to majordomo@luci.org with
"unsubscribe luci-discuss" in the body.

References:
- Re: diald
  - From: Alan Wilson <awilson@accessus.net>

Prev by Date: Re: diald
Next by Date: So that's what's stopping it
Prev by thread: Re: diald
Next by thread: Re: More PAM/NSS-DAP stuff
Index(es):
- Date
- Thread