[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
This would depend on what you allow through your firewall, For example: (from my snort server.) 02/25-13:27:59.413485 ARP who-has 80.192.118.167 tell 80.192.118.129 02/25-13:27:59.522917 ARP who-has 172.31.134.149 tell 172.31.134.1 02/25-13:27:59.605702 ARP who-has 80.235.134.11 tell 80.235.134.1 ARP request should be all the time, this only verify you on the DHCP network or ADSL is providing. Address resolution. ( 32 bits per packet if I'm right, tell me is I'm wrong.) Windows NT has some dire faults with it's TCPIP stack. 1. If netbios is enabled, with no firewall between tou and the www, this will broadcast. ( it's advised to disable netbios and netbeui if you are not using them.) good old NT/2000 - if so products LoPhTcrack to hack password files. 2. POP3 will only connect on requests by example: 25 - 110 depending on your config file to mail delivery and sending. 3. IMCP checks - that no ones is pinging your machine. (deny ICMP packets) 4. NT - disable the messenger service- easy to write a script to send messengers to your NT box. Microsoft as many os'es say disable services that are not required for your day to day service. 5. Linux - ipTables - very configurable to set a firewall up. or use SuSE 8.1 firewall very easy. 6. Check that you not running IIS if so check services - NNTP & HTTP and SMTP are started by default. lovely hacking idea there. Alex if you are recieving and sending large amounts of traffic setup a snort server, only problem here is that you need 2 NIC's private & public configure snort to monitor the public card. Alex - try a ipconfig/all for network card info this may help you. Cheers David On Tuesday 25 February 2003 12:29, Alex Charrett wrote: > On Tue, 25 Feb 2003, David Batho wrote: > > On Tuesday 25 February 2003 12:16, kevin bailey wrote: > > > like good hi-fi there are a minimum of lights - > > > > > > and they flash frantically when my NT4 laptop is on! god knows what > > > windows networking is doing all the time, > > > > ARP requests! > > It seems unlkley to me that windows would be arping more than any other OS > while running, I would have thought that the network chattering windows > does is more due to its, erm *interesting* implementaion of things like > the network browser service. Unless you know something I don't about > windows IP subtletys (which isn't difficult, being as I spend all day > working on Solaris - and at the moment IRIX). > > Alex. -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.