Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: Weird Traffic
From: pinowudi <pinowudi () gmail com>
Date: Tue, 27 May 2008 23:51:31 -0400
Without physical access to the server for NTOP flows session, go for tshark (tcpdump with ring buffers) for a day and see what's up. You can pull the PCAP file down to your lcoal and run ethereal or NTOP or other analysis tool from there. 

Jonathan Adams wrote:

All,

  I have a leased server I use to host some websites and for the past
week I have been getting traffic warnings. The server has been
transferring > 1GB of data per day, which is unusually high,
especially since I moved my mail to Google Apps. I have noticed a
ridiculous amount of attempted proxying attemptes in my logs, but I do
not have mod proxy turned on. I suspect my server is on some list.  I
firewalled off a large number of subnets from China and my traffic
dropped for a few days, then this morning, 2735MB transferred in 24
hrs.

  As of right now, I am planning to blackhole all China traffic, since
thats where most of this is comming from, along with the occasional
traffic from France and other places in Eur. Is this common?  If so
are there any other remedies?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]