Monitoring Bandwidth on Linux box


Postby JazzyB » Thu Dec 18, 2008 5:08 pm

Dear all

I am using Squid on Red Hat 9. Some PC on my network is generating spam traffic. The router log shows my Squid WAN IP. Is there any software that displays in and out traffic in Squid and maintains a log file, or any command that shows the NAT table in Squid?
For port 80 I am using sarg. I need a solution for the rest of the ports.


Postby lambda » Thu Dec 18, 2008 5:23 pm

what kind of spam traffic? email spam? you should disable all forwarding for the smtp port, so that all mail traffic on your network goes through your host. you can do all the filtering there. at the very least, your mail log file will show you who the main senders are.

are you sure your proxy server isn't compromised? redhat 9 is ancient, and has lots of unpatched security holes.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?

Postby x2oxen » Sat Dec 20, 2008 1:43 pm

switch to some latest distro first.

smtp traffic

Postby JazzyB » Sat Jan 03, 2009 12:10 pm

Dear lambda

The router is showing SMTP traffic, like a spam generator on some system is creating spam. I can catch the spam-generating system by changing IP addresses, but I need a real solution.
Maybe there is a possibility of it being on the server side. If so, which distro do you both recommend I use for the proxy server?
I cannot stop SMTP traffic because some visiting people on my network need SMTP, so I cannot start and stop SMTP traffic. Is there any software that generates a report of my server showing LAN requests, ports and IPs, like sarg does for Squid traffic? One thing: I am using Squid as a gateway and I am redirecting all traffic to Squid from rc.local.
Any easy to install and use software, because I am new to Linux.




Postby syedbilalmasaud » Sat Jan 03, 2009 7:12 pm

Dear Jazzy,

There is one method available for that, which may be a little bit complicated for you, but using it you can find out the exact machine and the destination host to which your spam or other malformed traffic is going.

You need to use tcpdump, so you must have tcpdump installed.

# tcpdump -i eth0 -vns 0 port 25

Or you can save it to a file, open it in the tshark application on Windows and see the packet flow:

# tcpdump -i eth0 -vns 0 port 25 -w port-25.pcap

This process can be stopped by pressing Ctrl+C at any time.

Here eth0 is your LAN interface, to which your LAN users are connected.

Hope it will help you trace your problem exactly, but for that you must know how to read packets.

Cheers:)
Bilal
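An added example, not part of the original post: once a saved capture is read back as text with `tcpdump -nr port-25.pcap`, this counts new SMTP connection attempts and distinct destination servers per source address, so the LAN host producing the traffic stands out. It assumes tcpdump's current one-line `Flags [S]` output format; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise SMTP connection attempts per source address.
# Input on stdin: one line per packet, as printed by
#   tcpdump -nr port-25.pcap
# Output: "<attempts> <distinct servers> <source IP>", busiest source first.

smtp_syn_by_source() {
    awk '
    # Initial SYNs only: "[S]," matches, the SYN-ACK "[S.]," does not.
    $2 == "IP" && $4 == ">" && /Flags \[S\],/ {
        src = $3; dst = $5
        sub(/:$/, "", dst)              # strip the trailing colon
        n = split(dst, d, ".")
        if (d[n] != "25") next          # destination port must be 25
        sub(/\.[0-9]+$/, "", src)       # drop the source port
        sub(/\.[0-9]+$/, "", dst)       # drop the destination port
        attempts[src]++
        if (!((src, dst) in seen)) { seen[src, dst] = 1; servers[src]++ }
    }
    END { for (s in attempts) print attempts[s], servers[s], s }
    ' | sort -k1,1nr -k3,3
}

# Constructed sample lines (documentation address ranges), not real traffic.
sample_capture() {
cat <<'EOF'
17:08:01.100000 IP 192.168.1.23.51234 > 203.0.113.10.25: Flags [S], seq 1000, win 5840, options [mss 1460], length 0
17:08:01.150000 IP 203.0.113.10.25 > 192.168.1.23.51234: Flags [S.], seq 2000, ack 1001, win 5792, length 0
17:08:01.200000 IP 192.168.1.23.51235 > 198.51.100.7.25: Flags [S], seq 3000, win 5840, length 0
17:08:01.300000 IP 192.168.1.23.51236 > 198.51.100.99.25: Flags [S], seq 4000, win 5840, length 0
17:08:02.000000 IP 192.168.1.40.40000 > 203.0.113.10.25: Flags [S], seq 5000, win 5840, length 0
17:08:02.100000 IP 192.168.1.40.40000 > 203.0.113.10.25: Flags [P.], seq 1:20, ack 1, win 5840, length 19
EOF
}

sample_capture | smtp_syn_by_source
```

A normal mail client contacts one or two servers; a source with many attempts spread over many distinct servers is the machine to inspect.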

which distro

Postby JazzyB » Mon Jan 05, 2009 5:05 pm

Dear lambda

Thanks for the help. I have used tcpdump, but on Red Hat EL 4.0. It is really good software and of course will help me.
Can you help me with which distro I should shift to, one which is stable and has minimum security loops? I am using Red Hat 9, which is good, and Squid uptime is fine.



Postby lambda » Mon Jan 05, 2009 9:37 pm

ubuntu 8.04 server edition. 8.04 is an lts release (long term support -- you won't need to reinstall for five years).

