On Thursday 25 February 2010 07:36:50 Roland RoLaNd wrote:
> lately i've noticed that lots of traffic being produced by the servers ..
> is there a way to know whose using port forwarding to my server so they
> access the internet ?
I don't know why you use the term "port forwarding". If I understand you
correctly., and having said that ip forwarding isn't turned on, you suspect
someone is using your 2 servers to gain access to the internet"? The only
thing I can think of...they might be using your servers as a SOCKS proxy.
For this , there needs to be some way to connect to these serves (SSH?
Log in to these servers and do a "netstat -ntap" so you can see the
established connections and track what programs are responsible for these. If
anyone is connected to your machines (from the local network) you'll see it
there too. Of course, I'm assuming your machines were not tampered with (that
is, all the binaries are intact
p.d. you can try wireshark (network sniffer)...
CentOS mailing list