Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

iftop Report analysis

Posted on 2008-10-31
9
Medium Priority
?
773 Views
Last Modified: 2013-12-06
HI,
I have a vps server, i just installed iftop in my server, and when i ran this, i am relay furious and scared aswell.
have a look at the attached picture

according to picture, you can see, too much trafiq is going out side, and i dont use this server as public use, its just for my own play.

before taking this picture, i have blocked every ports in my server except ssh .
sh-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
sh-3.2#

but still so much trafiq is going out,
how this is possible ??
what shall i do ??
ftpdislpay.GIF
0
Comment
Question by:fosiul01
  • 5
  • 4
9 Comments
 
LVL 10

Expert Comment

by:Tobias
ID: 22849227
Hi !

Do you have reload the config after have changed the iptable rules ?

Best Regards
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849296
hi,did u mean,restart iptables? Yes
0
 
LVL 10

Accepted Solution

by:
Tobias earned 1500 total points
ID: 22849465
Hi !

Try this script attached and after check the traffic again.

Best Regards



 
#!/bin/sh
 
#Reset the config
iptables -F
iptables -t nat -F
 
#block incoming connection by default
iptables -P INPUT DROP
 
 
#accept forward connection by default
iptables -P FORWARD ACCEPT
 
#accept output connection by default
iptables -P OUTPUT ACCEPT
 
#No filter on loopback
iptables -A INPUT -i lo -j ACCEPT
 
 
#Allow multicast
iptables -A INPUT -p igmp -j ACCEPT
 
 
#Accept connection that is already connected
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 
# Accept to reach from internet ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
 
iptables -A INPUT -j REJECT

Open in new window

0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 29

Author Comment

by:fosiul01
ID: 22849515
ok i have run the script
and i have saved iptables
after that
-bash-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     igmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

you expecting something like this , is not it ??
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849556
check the attached picture
i have stoped httpd, sendmail everything

after that its httpd is there..
iftopdisplay1.GIF
0
 
LVL 10

Expert Comment

by:Tobias
ID: 22850362
Hi !

I think the connection it's established is why the connection is like that but without traffic, but I'm not sure.


Try to do :

/etc/init.d/networking restart


This will restart all the network and the config. But this is will not reload the firewall that I give you.

Could you give me the result of :

cat /etc/network/if-pre-up.d/iptables-start


Thanks


0
 
LVL 29

Author Comment

by:fosiul01
ID: 22850432
this cat /etc/network/if-pre-up.d/iptables-start not a valid path
0
 
LVL 10

Expert Comment

by:Tobias
ID: 22850572
What do you have in the folder /etc/network/if-pre-up.d/ ?
0
 
LVL 29

Author Closing Comment

by:fosiul01
ID: 31512005
HI, problem was with VPS provider, its nothing wrong with my side, i have blocked every port but still trafiq is going out side, i spoke with them and they said , they will look in to this matter

anyway thanks
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Suggested Courses
Course of the Month13 days, 17 hours left to enroll

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question