Slackware: This forum is for the discussion of Slackware Linux.
I have a slackware 10 box set up at home running as a web/ftp/database/ssh server. I have noticed that it is getting hammered on my network. I have a simple hardware firewall (wireless router) that has only the necessary ports open for the current services I'm running. I would assume it's something either through my mail or web that is hogging lots of bandwidth but I don't know how to pinpoint or stop it. Any good suggestions on where to go from here?
Hi,
Too general of a question without reference information!
First, what do you mean by hammered? Someone port scanning you? How did you find this out?
I would first try to see how your security is set. Try a service like 'Steve Gibson's' www.grc.com. Check to see what is exposed and how your system is responding to inquiries from the internet.
Do you have tripwire or chroot running? Could you have been cracked already? Maybe someone has already scripted you and is using you as a POS for attacks, therefore hogging your services.
I'd like to help but can't without information.
As for the 'simple hardware firewall (wireless router)', how is it connected to the internet? Via cable, DSL or what? By chance do you have it set with DMZ?
Sorry, I will try to provide a bit more info. The wireless router is connected with DSL, and is not set with DMZ. The ports open are 80, 22, 25, 21 and are forwarded to the slack box.
By hammered, I noticed that data was being transferred just by looking at the router and dsl modem and noticing that everything I was doing on the internet was crawling, I then ran "netstat" and noticed a lot of connections. I actually have the computer off now temporarily while I'm at work. I'm not sure what "tripwire" is.
All GRC.com really told me was which ports I had open, which I already knew. I'm temporarily blocking SMTP to see if this is the problem. Is there a good guide to securing mail services?
Block automatic thrashing in some way? For instance, by requiring the user to enter a number that is displayed in some automatically generated image.
I was hoping there might be an option for the webserver itself, not the forms on it. There has to be a way to detect and stop spam constantly scanning your site. I also feel it's a bit drastic to require someone to validate an image just to post to a guestbook or send an email. I can understand with some type of registration system, but not something so simple and meaningless.
The problem is that Apache does not know which are legitimate connections and which are not. If you can identify what constitutes an unwanted connection, you can build rules into Apache (and maybe your firewall).
Someone here may well be able to help, can you describe the differences between the connections that should and should not be allowed?
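An added example, not part of the thread: one way to pinpoint which forwarded service is busy, and which remote addresses account for it, from the `netstat` output mentioned earlier. The `tally` function and the sample lines are constructed for illustration; the addresses are from documentation ranges.

```sh
#!/bin/sh
# Count TCP connections from `netstat -tn` output read on stdin.
#   tally port -> "<count> <local_port>"
#   tally pair -> "<count> <local_port> <remote_ip>"
# Busiest entries are printed first.
tally() {
    awk -v mode="$1" '
        $1 ~ /^tcp/ {
            # Field 4 is local address:port, field 5 is remote address:port.
            n = split($4, l, ":"); lport = l[n]
            remote = $5; sub(/:[0-9]+$/, "", remote)
            key = (mode == "port") ? lport : (lport " " remote)
            count[key]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2n -k3,3
}

# Constructed sample of `netstat -tn` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.10:25         203.0.113.7:41022       ESTABLISHED
tcp        0      0 192.168.1.10:25         203.0.113.7:41023       ESTABLISHED
tcp        0      0 192.168.1.10:25         203.0.113.7:41030       TIME_WAIT
tcp        0      0 192.168.1.10:25         198.51.100.4:50211      ESTABLISHED
tcp        0      0 192.168.1.10:80         198.51.100.9:33400      ESTABLISHED
tcp        0      0 192.168.1.10:22         192.168.1.20:51000      ESTABLISHED
EOF
}

# On the server itself, replace sample_netstat with: netstat -tn
sample_netstat | tally port   # which service carries the connections
sample_netstat | tally pair   # which remote address is behind them
```

A port and remote address that dominate the second listing are the kind of concrete difference a firewall or server rule can be written against.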
I prefer to set my systems up so as they are a true stealth to the internet.
If someone needs to get in they know me therefore can get in. Web services, I would use a hosting service (cheap $$).
Since you are forwarding to the slack box I assume you have a rule set for the router and/or DSL modem. Maybe too loose on the allow/deny sets.