Contact SalesSitemapCustomer Login

Go Back   VPSlink Forums > Technical Discussion > Security

Closed Thread
 
Thread Tools Display Modes
  #1 (permalink)  
Old 07-07-2011, 10:20 AM
Junior Member
 
Join Date: Mar 2007
Posts: 21
Default iptraf not working

Hi
2 days ago, some bastard has found a way to upload some scripts in my /tmp folder, and after that he started an UDP flood from my server. Now I have a fresh OS, a better configured firewall, but I'm still worried because I'm not sure if I'm safe.

I have decided to use a different "upload_tmp_dir" for each domain in order to find out the site that permitted script uploading.

It would be great if I could make iptraf working but I couldn't. It doesn't see anything on venet0. Any alternative for this?

Also any advice would be great.
Thanks
  #2 (permalink)  
Old 07-07-2011, 04:54 PM
Moderator
 
Join Date: Jul 2009
Location: New York
Posts: 464
Default

this is an interesting question because iptraf is a kernel level sniffing program. Some say it works and some say it doesn't in ve's.

You can specify the interface using iptraf -u or iptraf -i and see if it works that way.

If that doesn't seem to work than you have to find something else. I can't think of one at the moment however.
__________________
Happily on a Link3. Feel free to request a refferal code that takes a 10% lifetime discount off your hosting.
Please open a SUPPORT TICKET AND CALL vpslink to resolve your vpslink problems FIRST
I am a CUSTOMER Only. Any vpslink issues should be directed to Matt@VPSLink and/or Michael@VPSLink
  #3 (permalink)  
Old 07-07-2011, 07:02 PM
Senior Member
 
Join Date: Jun 2008
Posts: 232
Default

Quote:
Originally Posted by Cwewmpz View Post
If that doesn't seem to work than you have to find something else. I can't think of one at the moment however.
How about tcpdump?
  #4 (permalink)  
Old 07-07-2011, 09:04 PM
Junior Member
 
Join Date: Mar 2007
Posts: 21
Default

tcpdump capture everything, but the screen is scroling like in Matrix movie. I can't figure out how to group packets by ip or port.
  #5 (permalink)  
Old 07-08-2011, 05:10 PM
Moderator
 
Join Date: Jul 2009
Location: New York
Posts: 464
Default

trafshow is usable on venet0
__________________
Happily on a Link3. Feel free to request a refferal code that takes a 10% lifetime discount off your hosting.
Please open a SUPPORT TICKET AND CALL vpslink to resolve your vpslink problems FIRST
I am a CUSTOMER Only. Any vpslink issues should be directed to Matt@VPSLink and/or Michael@VPSLink
  #6 (permalink)  
Old 07-08-2011, 05:40 PM
Senior Member
 
Join Date: Jun 2008
Posts: 232
Default

Quote:
Originally Posted by costy81gl View Post
tcpdump capture everything, but the screen is scroling like in Matrix movie. I can't figure out how to group packets by ip or port.
google is your friend.

For example an excerpt from one hit Notes on the use of TCPDump:
Quote:
Originally Posted by Alastair Matthews
Source and Destination addresses and Ports

To capture packets to or from particuar groups or hosts a range of expression can be used, here are some example.

To capture all traffic with host churchward as source or destination address

tcpdump host churchward

To capture all traffic with the tcp or udp, source or destination port number 53

tcpdump port 53

To capture all traffic with the source address churchward

tcpdump src host churchward

To capture all trafffic with the destination tcp or udp port 53

tcpdump dst port 53

To capture all TCP traffic with the source address churchward

tcpdump tcp src host churchward

To capture all trafffic with the destination udp port 53

tcpdump udp dst port 53
  #7 (permalink)  
Old 09-05-2011, 06:22 PM
Moderator
 
Join Date: Jul 2009
Location: New York
Posts: 464
Default

this thread is closed due to spam. Please Private Message me if there is a reason you wish to add to this thread. Thank you.
__________________
Happily on a Link3. Feel free to request a refferal code that takes a 10% lifetime discount off your hosting.
Please open a SUPPORT TICKET AND CALL vpslink to resolve your vpslink problems FIRST
I am a CUSTOMER Only. Any vpslink issues should be directed to Matt@VPSLink and/or Michael@VPSLink
Closed Thread

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT. The time now is 02:16 PM.


Powered by vBulletin® Version 3.8.5
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.2.0