Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

iftop Report analysis

Posted on 2008-10-31
9
Medium Priority
?
772 Views
Last Modified: 2013-12-06
HI,
I have a vps server, i just installed iftop in my server, and when i ran this, i am relay furious and scared aswell.
have a look at the attached picture

according to picture, you can see, too much trafiq is going out side, and i dont use this server as public use, its just for my own play.

before taking this picture, i have blocked every ports in my server except ssh .
sh-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
sh-3.2#

but still so much trafiq is going out,
how this is possible ??
what shall i do ??
ftpdislpay.GIF
0
Comment
Question by:fosiul01
  • 5
  • 4
9 Comments
 
LVL 10

Expert Comment

by:Tobias
ID: 22849227
Hi !

Do you have reload the config after have changed the iptable rules ?

Best Regards
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849296
hi,did u mean,restart iptables? Yes
0
 
LVL 10

Accepted Solution

by:
Tobias earned 1500 total points
ID: 22849465
Hi !

Try this script attached and after check the traffic again.

Best Regards



 
#!/bin/sh
 
#Reset the config
iptables -F
iptables -t nat -F
 
#block incoming connection by default
iptables -P INPUT DROP
 
 
#accept forward connection by default
iptables -P FORWARD ACCEPT
 
#accept output connection by default
iptables -P OUTPUT ACCEPT
 
#No filter on loopback
iptables -A INPUT -i lo -j ACCEPT
 
 
#Allow multicast
iptables -A INPUT -p igmp -j ACCEPT
 
 
#Accept connection that is already connected
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 
# Accept to reach from internet ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
 
iptables -A INPUT -j REJECT

Open in new window

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 29

Author Comment

by:fosiul01
ID: 22849515
ok i have run the script
and i have saved iptables
after that
-bash-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     igmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

you expecting something like this , is not it ??
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849556
check the attached picture
i have stoped httpd, sendmail everything

after that its httpd is there..
iftopdisplay1.GIF
0
 
LVL 10

Expert Comment

by:Tobias
ID: 22850362
Hi !

I think the connection it's established is why the connection is like that but without traffic, but I'm not sure.


Try to do :

/etc/init.d/networking restart


This will restart all the network and the config. But this is will not reload the firewall that I give you.

Could you give me the result of :

cat /etc/network/if-pre-up.d/iptables-start


Thanks


0
 
LVL 29

Author Comment

by:fosiul01
ID: 22850432
this cat /etc/network/if-pre-up.d/iptables-start not a valid path
0
 
LVL 10

Expert Comment

by:Tobias
ID: 22850572
What do you have in the folder /etc/network/if-pre-up.d/ ?
0
 
LVL 29

Author Closing Comment

by:fosiul01
ID: 31512005
HI, problem was with VPS provider, its nothing wrong with my side, i have blocked every port but still trafiq is going out side, i spoke with them and they said , they will look in to this matter

anyway thanks
0

Featured Post

Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month10 days, 23 hours left to enroll

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question