iftop Report analysis

HI,
I have a vps server, i just installed iftop in my server, and when i ran this, i am relay furious and scared aswell.
have a look at the attached picture

according to picture, you can see, too much trafiq is going out side, and i dont use this server as public use, its just for my own play.

before taking this picture, i have blocked every ports in my server except ssh .
sh-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
sh-3.2#

but still so much trafiq is going out,
how this is possible ??
what shall i do ??
ftpdislpay.GIF
LVL 29
fosiul01Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

TobiasCommented:
Hi !

Do you have reload the config after have changed the iptable rules ?

Best Regards
0
fosiul01Author Commented:
hi,did u mean,restart iptables? Yes
0
TobiasCommented:
Hi !

Try this script attached and after check the traffic again.

Best Regards



 
#!/bin/sh
 
#Reset the config
iptables -F
iptables -t nat -F
 
#block incoming connection by default
iptables -P INPUT DROP
 
 
#accept forward connection by default
iptables -P FORWARD ACCEPT
 
#accept output connection by default
iptables -P OUTPUT ACCEPT
 
#No filter on loopback
iptables -A INPUT -i lo -j ACCEPT
 
 
#Allow multicast
iptables -A INPUT -p igmp -j ACCEPT
 
 
#Accept connection that is already connected
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
 
 
# Accept to reach from internet ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT
 
 
iptables -A INPUT -j REJECT

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

fosiul01Author Commented:
ok i have run the script
and i have saved iptables
after that
-bash-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     igmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

you expecting something like this , is not it ??
0
fosiul01Author Commented:
check the attached picture
i have stoped httpd, sendmail everything

after that its httpd is there..
iftopdisplay1.GIF
0
TobiasCommented:
Hi !

I think the connection it's established is why the connection is like that but without traffic, but I'm not sure.


Try to do :

/etc/init.d/networking restart


This will restart all the network and the config. But this is will not reload the firewall that I give you.

Could you give me the result of :

cat /etc/network/if-pre-up.d/iptables-start


Thanks


0
fosiul01Author Commented:
this cat /etc/network/if-pre-up.d/iptables-start not a valid path
0
TobiasCommented:
What do you have in the folder /etc/network/if-pre-up.d/ ?
0
fosiul01Author Commented:
HI, problem was with VPS provider, its nothing wrong with my side, i have blocked every port but still trafiq is going out side, i spoke with them and they said , they will look in to this matter

anyway thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.