Solved

iftop Report analysis

Posted on 2008-10-31
9
725 Views
Last Modified: 2013-12-06
HI,
I have a vps server, i just installed iftop in my server, and when i ran this, i am relay furious and scared aswell.
have a look at the attached picture

according to picture, you can see, too much trafiq is going out side, and i dont use this server as public use, its just for my own play.

before taking this picture, i have blocked every ports in my server except ssh .
sh-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
sh-3.2#

but still so much trafiq is going out,
how this is possible ??
what shall i do ??
ftpdislpay.GIF
0
Comment
Question by:fosiul01
  • 5
  • 4
9 Comments
 
LVL 10

Expert Comment

by:MadShiva
ID: 22849227
Hi !

Do you have reload the config after have changed the iptable rules ?

Best Regards
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849296
hi,did u mean,restart iptables? Yes
0
 
LVL 10

Accepted Solution

by:
MadShiva earned 500 total points
ID: 22849465
Hi !

Try this script attached and after check the traffic again.

Best Regards



 

#!/bin/sh
 

#Reset the config

iptables -F

iptables -t nat -F
 

#block incoming connection by default

iptables -P INPUT DROP
 
 

#accept forward connection by default

iptables -P FORWARD ACCEPT
 

#accept output connection by default

iptables -P OUTPUT ACCEPT
 

#No filter on loopback

iptables -A INPUT -i lo -j ACCEPT
 
 

#Allow multicast

iptables -A INPUT -p igmp -j ACCEPT
 
 

#Accept connection that is already connected

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 

# Accept to reach from internet ssh

#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
 

iptables -A INPUT -j REJECT

Open in new window

0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849515
ok i have run the script
and i have saved iptables
after that
-bash-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     igmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

you expecting something like this , is not it ??
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 29

Author Comment

by:fosiul01
ID: 22849556
check the attached picture
i have stoped httpd, sendmail everything

after that its httpd is there..
iftopdisplay1.GIF
0
 
LVL 10

Expert Comment

by:MadShiva
ID: 22850362
Hi !

I think the connection it's established is why the connection is like that but without traffic, but I'm not sure.


Try to do :

/etc/init.d/networking restart


This will restart all the network and the config. But this is will not reload the firewall that I give you.

Could you give me the result of :

cat /etc/network/if-pre-up.d/iptables-start


Thanks


0
 
LVL 29

Author Comment

by:fosiul01
ID: 22850432
this cat /etc/network/if-pre-up.d/iptables-start not a valid path
0
 
LVL 10

Expert Comment

by:MadShiva
ID: 22850572
What do you have in the folder /etc/network/if-pre-up.d/ ?
0
 
LVL 29

Author Closing Comment

by:fosiul01
ID: 31512005
HI, problem was with VPS provider, its nothing wrong with my side, i have blocked every port but still trafiq is going out side, i spoke with them and they said , they will look in to this matter

anyway thanks
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

The purpose of this article is to demonstrate how we can use conditional statements using Python.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now