Excessive network traffic -

John Summerfield debian at herakles.homelinux.org
Tue Oct 30 23:06:18 UTC 2007


Alan Cox wrote:
>> Gkrellm seems to keep an accurate reading of what I am using in this 
>> computer, both upload and download so I don't think I am causing the 
>> problem and it seems to have restarted since I re-enabled the kids' XP box.
>>
>> Any suggestions as to what to look for will be appreciated.


I would (and do) install my own firewall. I use shorewall, often on 
Debian (as I just mentioned in another thread), but I also have one on 
CentOS4.

There's no reason you can't do it on your Fedora box, and with your 
hardware I would.

I would explicitly block everything, coming and going, and allow what I 
must. Require them to use your proxy for web access.

Typically I allow ssh to anywhere, from only places I may visit, smtp to 
everywhere, from everywhere except those who've offended me (mostly 
Chinese universities, but not all Asian, some are in Europe or between). 
http{,s} to/from everywhere, UDP domain and ntp to everywhere.

I watch the logs, and open other stuff when I need.

Like you, I need to control some teenagers (I do it at a school for "youth 
at risk.") I run squid (also caches stuff, reduces downloads) and 
squidguard with some publicly-available blocklists, plus our own lists.

Amongst sites we block that come to mind:
proxy.org
facebook
youtube
Any other social/chat sites we notice
Numeric IP addresses (blocks google cache and other sites)
msn - we allow google search via our own search form that enforces safe 
search
Sarg reports popular sites, and those are good candidates to block.

Squid has the ability to block some download types, and we do. They do 
not download videos or other "bad" content.




> 
> You really really need to look at the traffic to and from the internet
> connection to see what is going on (and to know how your ISP measures)
> 
> If you've got a dumb ISP which simply measures traffic aimed at your box
> then anyone who happens to have fallen out with the kids involved can
> simply spew data at you. If it's a wireless link someone may well be
> cracking that and using your bandwidth in bulk, it could be viruses on
> the windows box - anything.
> 
> Until you look at the traffic you are doing the equivalent of trying to
> work out where the water is coming from during a flood by measuring the
> depth - yes it'll tell you that there is a problem, but it won't tell you
> why..

There's some monitoring software which you can run that produces pretty 
graphs of your traffic. You can see when it happens.

summer@Bandicoot:~$ apt-cache search ^mrtg
cfgstoragemaker - MRTG config generator for storage monitoring via SNMP
mrtg - multi router traffic grapher
mrtg-contrib - multi router traffic grapher (contributed files)
mrtg-ping-probe - Ping module for Multi Router Traffic Grapher
mrtg-rrd - The script for generating graphs for MRTG statistics
mrtgutils - Utilities to generate statistics for mrtg
summer@Bandicoot:~$





-- 

Cheers
John

-- spambait
1aaaaaaa at coco.merseine.nu  Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

Please do not reply off-list
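
Added example, not part of the message above: with a block-everything policy, the firewall log shows which inside host keeps trying what, which is the log watching the message describes. This Python sketch tallies logged packets per chain, source, protocol and destination port; the log lines are constructed and abridged, and the zone names (loc, net, fw) and Shorewall's default log prefix are assumptions.

```python
import re
from collections import Counter

# Constructed sample: netfilter LOG lines with Shorewall's default
# "Shorewall:<chain>:<disposition>:" prefix. Hosts and addresses are made up.
SAMPLE_LOG = """\
Oct 30 22:58:01 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=48 TTL=127 ID=4411 DF PROTO=TCP SPT=1042 DPT=6667 SYN URGP=0
Oct 30 22:58:04 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.9 LEN=48 TTL=127 ID=4412 DF PROTO=TCP SPT=1042 DPT=6667 SYN URGP=0
Oct 30 22:58:09 fw kernel: Shorewall:loc2net:DROP:IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.44 LEN=131 TTL=127 ID=4420 PROTO=UDP SPT=6881 DPT=6881 LEN=111
Oct 30 22:59:30 fw kernel: Shorewall:loc2net:ACCEPT:IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.80 LEN=60 TTL=63 ID=901 DF PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Oct 30 23:00:12 fw kernel: Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.1 LEN=48 TTL=110 ID=77 DF PROTO=TCP SPT=3301 DPT=445 SYN URGP=0
Oct 30 23:00:15 fw kernel: eth0: link up
"""

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<verdict>[^:]+):(?P<rest>.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the fields of one Shorewall log line, or None for anything else."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {}
    for key, value in FIELD.findall(m.group("rest")):
        rec.setdefault(key, value)  # keep the first LEN (IP), not the UDP one
    if "SRC" not in rec or "DST" not in rec:
        return None  # truncated line
    rec["chain"], rec["verdict"] = m.group("chain"), m.group("verdict")
    return rec

def summarise(log_text, verdict="DROP"):
    """Count packets per (chain, src, proto, dport) and sum IP bytes per src."""
    hits, octets = Counter(), Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["verdict"] != verdict:
            continue
        key = (rec["chain"], rec["SRC"], rec.get("PROTO", "?"), rec.get("DPT", "-"))
        hits[key] += 1
        length = rec.get("LEN", "")
        octets[rec["SRC"]] += int(length) if length.isdigit() else 0
    return hits, octets

if __name__ == "__main__":
    hits, octets = summarise(SAMPLE_LOG)
    for (chain, src, proto, dport), n in hits.most_common():
        print(f"{n:4d}  {chain:8s} {src:15s} {proto}/{dport}")
```

Only logged packets are counted, so this shows what a host is attempting rather than total bandwidth; a grapher such as mrtg covers the volume side.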