Solved

iftop Report analysis

Posted on 2008-10-31
Last Modified: 2013-12-06
Hi,
I have a VPS server. I just installed iftop on my server, and when I ran it, I am really furious and scared as well.
Have a look at the attached picture.

According to the picture, you can see too much traffic is going outside, and I don't use this server for public use; it's just for my own play.

Before taking this picture, I have blocked every port on my server except ssh.
sh-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
sh-3.2#

But still so much traffic is going out.
How is this possible??
What shall I do??
ftpdislpay.GIF
0
Question by:fosiul01
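
A way to summarise listings like the one in the question, as an added example that is not part of the original thread: the function reads `iptables -L` text and reports each chain's default policy, rule count, exact duplicate rules, and whether the policy or any rule in the chain drops or rejects traffic. The names `audit_chains` and `question_listing` are made up for this example; the sample input is the listing posted in the question with the shell prompt lines removed.

```shell
#!/bin/sh
# Added example, not from the thread. Summarise `iptables -L` text per chain.
# Output, one line per chain:
#   <chain> policy=<P> rules=<n> duplicates=<n> filters=<yes|no>
audit_chains() {
    awk '
        /^Chain / {
            chain = $2
            policy = "-"                      # user-defined chains have no policy
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            order[++n] = chain; pol[chain] = policy
            next
        }
        # skip text before the first chain, column headers and blank lines
        chain == "" || /^target / || /^[ \t]*$/ { next }
        {
            rules[chain]++
            if ($1 == "DROP" || $1 == "REJECT") blocks[chain] = 1
            # normalise whitespace so identical rules compare equal
            line = $0; gsub(/[ \t]+/, " ", line); sub(/ $/, "", line)
            if (seen[chain, line]++) dups[chain]++
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                f = (pol[c] == "DROP" || blocks[c]) ? "yes" : "no"
                printf "%s policy=%s rules=%d duplicates=%d filters=%s\n",
                       c, pol[c], rules[c], dups[c], f
            }
        }
    '
}

# The listing posted in the question (prompt lines removed).
question_listing() {
    cat <<'EOF'
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
EOF
}

question_listing | audit_chains
```

For the question's listing, OUTPUT reports `policy=ACCEPT` with `filters=no`, so the rules shown restrict inbound connections only, and INPUT reports one duplicate rule.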
9 Comments
 
LVL 10

Expert Comment

by:MadShiva
ID: 22849227
Hi !

Did you reload the config after having changed the iptables rules?

Best Regards
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849296
Hi, did you mean restart iptables? Yes.
0
 
LVL 10

Accepted Solution

by:
MadShiva earned 500 total points
ID: 22849465
Hi !

Try the attached script and afterwards check the traffic again.

Best Regards

#!/bin/sh

#Reset the config
iptables -F
iptables -t nat -F

#block incoming connection by default
iptables -P INPUT DROP

#accept forward connection by default
iptables -P FORWARD ACCEPT

#accept output connection by default
iptables -P OUTPUT ACCEPT

#No filter on loopback
iptables -A INPUT -i lo -j ACCEPT

#Allow multicast
iptables -A INPUT -p igmp -j ACCEPT

#Accept connection that is already connected
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

# Accept to reach from internet ssh
#iptables -A INPUT -p tcp --dport 22 -j ACCEPT

iptables -A INPUT -j REJECT

0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849515
OK, I have run the script
and I have saved iptables.
After that:
-bash-3.2# iptables -L
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     igmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

You are expecting something like this, aren't you??
0
 
LVL 29

Author Comment

by:fosiul01
ID: 22849556
Check the attached picture.
I have stopped httpd, sendmail, everything.

After that, httpd is there..
iftopdisplay1.GIF
0
 
LVL 10

Expert Comment

by:MadShiva
ID: 22850362
Hi !

I think the connection is established, which is why the connection is like that but without traffic, but I'm not sure.


Try to do:

/etc/init.d/networking restart


This will restart all the network and the config. But this will not reload the firewall that I gave you.

Could you give me the result of :

cat /etc/network/if-pre-up.d/iptables-start


Thanks


0
 
LVL 29

Author Comment

by:fosiul01
ID: 22850432
This: cat /etc/network/if-pre-up.d/iptables-start is not a valid path.
0
 
LVL 10

Expert Comment

by:MadShiva
ID: 22850572
What do you have in the folder /etc/network/if-pre-up.d/ ?
0
 
LVL 29

Author Closing Comment

by:fosiul01
ID: 31512005
Hi, the problem was with the VPS provider; there is nothing wrong on my side. I have blocked every port but traffic is still going outside. I spoke with them and they said they will look into this matter.

Anyway, thanks.
0

Question has a verified solution.