Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

iftop Report analysis

Posted on 2008-10-31
9
Medium Priority
?
764 Views
Last Modified: 2013-12-06
HI,
I have a vps server, i just installed iftop in my server, and when i ran this, i am relay furious and scared aswell.
have a look at the attached picture

according to picture, you can see, too much trafiq is going out side, and i dont use this server as public use, its just for my own play.

before taking this picture, i have blocked every ports in my server except ssh .
sh-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
sh-3.2#

but still so much trafiq is going out,
how this is possible ??
what shall i do ??
ftpdislpay.GIF
0
Comment
Question by:fosiul01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 10

Expert Comment

by:Tobias
ID: 22849227
Hi !

Do you have reload the config after have changed the iptable rules ?

Best Regards
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849296
hi,did u mean,restart iptables? Yes
0
 
LVL 10

Accepted Solution

by:
Tobias earned 1500 total points
ID: 22849465
Hi !

Try this script attached and after check the traffic again.

Best Regards



 
#!/bin/sh
 
#Reset the config
iptables -F
iptables -t nat -F
 
#block incoming connection by default
iptables -P INPUT DROP
 
 
#accept forward connection by default
iptables -P FORWARD ACCEPT
 
#accept output connection by default
iptables -P OUTPUT ACCEPT
 
#No filter on loopback
iptables -A INPUT -i lo -j ACCEPT
 
 
#Allow multicast
iptables -A INPUT -p igmp -j ACCEPT
 
 
#Accept connection that is already connected
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 
# Accept to reach from internet ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
 
iptables -A INPUT -j REJECT

Open in new window

0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 29

Author Comment

by:fosiul01
ID: 22849515
ok i have run the script
and i have saved iptables
after that
-bash-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     igmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

you expecting something like this , is not it ??
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849556
check the attached picture
i have stoped httpd, sendmail everything

after that its httpd is there..
iftopdisplay1.GIF
0
 
LVL 10

Expert Comment

by:Tobias
ID: 22850362
Hi !

I think the connection it's established is why the connection is like that but without traffic, but I'm not sure.


Try to do :

/etc/init.d/networking restart


This will restart all the network and the config. But this is will not reload the firewall that I give you.

Could you give me the result of :

cat /etc/network/if-pre-up.d/iptables-start


Thanks


0
 
LVL 29

Author Comment

by:fosiul01
ID: 22850432
this cat /etc/network/if-pre-up.d/iptables-start not a valid path
0
 
LVL 10

Expert Comment

by:Tobias
ID: 22850572
What do you have in the folder /etc/network/if-pre-up.d/ ?
0
 
LVL 29

Author Closing Comment

by:fosiul01
ID: 31512005
HI, problem was with VPS provider, its nothing wrong with my side, i have blocked every port but still trafiq is going out side, i spoke with them and they said , they will look in to this matter

anyway thanks
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will explain how to establish a SSH connection to Ubuntu through the firewall and using a different port other then 22. I have set up a Ubuntu virtual machine in Virtualbox and I am running a Windows 7 workstation. From the Ubuntu vi…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question