netfilter-owner@xxxxxxxxxxxxxxx wrote:
Ok, it seems that really - someone in LAN is attacking the internet.
If I turn on forwarding for few users like me, some other
computer-literate friends - digg.com still works :))
Now it's the question how do I catch bad guys? What should I look
into? Packet bursts? Lot's of new connections? Etc?
quick ways could be:
iptraf (you could apply filters for specific traffic)
iptstate (shows conntrack table)
tcpdump (i.e. simple rule: tcpdump -n -i your_ext_iface tcp dst port 80)
any of those tools could give you a quick picture of current connections
(attempts).
greets
mart
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
