Without physical access to the server for NTOP flows session, go for
tshark (tcpdump with ring buffers) for a day and see what's up. You can
pull the PCAP file down to your lcoal and run ethereal or NTOP or other
analysis tool from there.
Jonathan Adams wrote:
> All,
>
> I have a leased server I use to host some websites and for the past
> week I have been getting traffic warnings. The server has been
> transferring > 1GB of data per day, which is unusually high,
> especially since I moved my mail to Google Apps. I have noticed a
> ridiculous amount of attempted proxying attemptes in my logs, but I do
> not have mod proxy turned on. I suspect my server is on some list. I
> firewalled off a large number of subnets from China and my traffic
> dropped for a few days, then this morning, 2735MB transferred in 24
> hrs.
>
> As of right now, I am planning to blackhole all China traffic, since
> thats where most of this is comming from, along with the occasional
> traffic from France and other places in Eur. Is this common? If so
> are there any other remedies?
>
Received on May 28 2008
Intro
