Yuri писал(а):
Очевидно, что причины трафика надо искать не на AddPac'е. На шлюзе можно запретить сетевой трафик со всех кроме нужных хостов access-list'ами, например.
вовсе не очевидно ...
изначально эту проблему я заметил именно на хосте с астериском
проявлялась она в логах как
Код:
+Limiting icmp unreach response from 353 to 200 packets/sec
+Limiting icmp unreach response from 351 to 200 packets/sec
+Limiting icmp unreach response from 350 to 200 packets/sec
+Limiting icmp unreach response from 355 to 200 packets/sec
+Limiting icmp unreach response from 352 to 200 packets/sec
+Limiting icmp unreach response from 341 to 200 packets/sec
+Limiting icmp unreach response from 363 to 200 packets/sec
+Limiting icmp unreach response from 358 to 200 packets/sec
+Limiting icmp unreach response from 351 to 200 packets/sec
+Limiting icmp unreach response from 353 to 200 packets/sec
+Limiting icmp unreach response from 352 to 200 packets/sec
+Limiting icmp unreach response from 317 to 200 packets/sec
+Limiting icmp unreach response from 316 to 200 packets/sec
+Limiting icmp unreach response from 292 to 200 packets/sec
+Limiting icmp unreach response from 317 to 200 packets/sec
+Limiting icmp unreach response from 284 to 200 packets/sec
+Limiting icmp unreach response from 233 to 200 packets/sec
+Limiting icmp unreach response from 213 to 200 packets/sec
+Limiting icmp unreach response from 224 to 200 packets/sec
+Limiting icmp unreach response from 203 to 200 packets/sec
+Limiting icmp unreach response from 209 to 200 packets/sec
+Limiting icmp unreach response from 210 to 200 packets/sec
+Limiting icmp unreach response from 206 to 200 packets/sec
+Limiting icmp unreach response from 206 to 200 packets/sec
+Limiting icmp unreach response from 212 to 200 packets/sec
далее был взят
#tcpdump host 10.29.15.230 and proto ICMP
и это указало на то что ICMP пакеты валятся с аддпака ....
т.е. обмен ICMP пакетами идет именно между ними
Вход
Регистрация
FAQ
Поиск
