FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 02-25-2010, 11:17 AM
Jorge Fábregas
 
Default block port forwarding?

On Thursday 25 February 2010 07:36:50 Roland RoLaNd wrote:
> lately i've noticed that lots of traffic being produced by the servers ..
> is there a way to know whose using port forwarding to my server so they
> access the internet ?

I don't know why you use the term "port forwarding". If I understand you
correctly., and having said that ip forwarding isn't turned on, you suspect
someone is using your 2 servers to gain access to the internet"? The only
thing I can think of...they might be using your servers as a SOCKS proxy.
For this , there needs to be some way to connect to these serves (SSH?
etc...).

Log in to these servers and do a "netstat -ntap" so you can see the
established connections and track what programs are responsible for these. If
anyone is connected to your machines (from the local network) you'll see it
there too. Of course, I'm assuming your machines were not tampered with (that
is, all the binaries are intact


Best regards,
Jorge

p.d. you can try wireshark (network sniffer)...
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-25-2010, 11:18 AM
Eero Volotinen
 
Default block port forwarding?

2010/2/25 Roland RoLaNd <r_o_l_a_n_d@hotmail.com>:
>
>
> *cat /proc/sys/net/ipv4/ip_forward
> 0

So, problem solved?

--
Eero
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-25-2010, 11:19 AM
Jorge Fábregas
 
Default block port forwarding?

On Thursday 25 February 2010 08:18:13 Eero Volotinen wrote:
> > cat /proc/sys/net/ipv4/ip_forward
> > 0
>
> So, problem solved?

Hmm I think he meant to show the current status of ip forwarding on his box.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 02-25-2010, 01:00 PM
Brian Mathis
 
Default block port forwarding?

On Thu, Feb 25, 2010 at 6:39 AM, Eero Volotinen <eero.volotinen@iki.fi> wrote:

2010/2/25 Roland RoLaNd <r_o_l_a_n_d@hotmail.com>:

>

> Hello,

>

> *i have internet usage rules for all of my network.

> only 2 servers have full access to the internet..

> lately i've noticed that lots of traffic being produced by the servers ..

> is there a way to know whose using port forwarding to my server so they access the internet ?

> or is there a way to block people from doing such a thing ?



Err. Disable ip_forward&nat on server and limit connections on main firewall ..



--

Eero




@Eero:
Don't be so literal.* You need to read the whole messages and understand the problem.* Just because someone calls something "forwarding" doesn't mean they are speaking in the literal Linux kernel sense of the word.


@Roland:
In addition to what some other posters have said, look at who is logged in to the server at the time.* You might find some open SSH sessions that are using port forwarding.* You can disable this by setting "AllowTcpForwarding no" in the sshd_config, but if users have shell, it will be very difficult to stop it.* You also might want to see if there is a proxy setup, or something like that.



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 03:03 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org