I could use some help from the Ubuntu wizards out there.
I run a home server, using Ubuntu 8.10. It is very low traffic, with most of
the traffic being e-mail. Last night, over the course of an hour it
recorded roughly 8 GB (4 up and 4 down) of traffic over the course of 2
hours (monitoring with vnstat) and then dropped back to normal. Looking at
the logs, the traffic did not come through apache, sendmail, or SSH. Judging
from the fact that the up/down are equal, I'm guessing I've been used as a
proxy for something (I don't have a proxy server installed), but I know not
what. So, I have two questions.
1.) Any suggestions on how to further investigate this? At this point I'm
at a loss.
2.) How would you suggest further hardening my security, since it seems it
was compromised? I use Firestarter to lock down my ports, Fail2Ban to stop
those pesky SSH brute force attacks, and Snort to keep an eye out for other
Any input would be appreciated.