
Re: Excessive network traffic -



Alan Cox wrote:
Gkrellm seems to keep an accurate reading of what I am using in this computer, both upload and download, so I don't think I am causing the problem, and it seems to have restarted since I re-enabled the kids' XP box.

Any suggestions as to what to look for will be appreciated.


I would (and do) install my own firewall. I use shorewall, often on Debian (as I just mentioned in another thread), but I also have one on CentOS4.

There's no reason you can't do it on your Fedora box, and with your hardware I would.

I would explicitly block everything, coming and going, and allow what I must. Require them to use your proxy for web access.

Typically I allow ssh to anywhere, from only places I may visit, smtp to everywhere, from everywhere except those who've offended me (mostly Chinese universities, but not all Asian, some are in Europe or between). http{,s} to/from everywhere, UDP domain and ntp to everywhere.

I watch the logs, and open other stuff when I need.

Like you, I need to control some teenagers (I do it at a school for "youth at risk.") I run squid (also caches stuff, reduces downloads) and squidguard with some publicly-available blocklists, plus our own lists.

Amongst sites we block that come to mind:
proxy.org
facebook
youtube
Any other social/chat sites we notice
Numeric IP addresses (blocks google cache and other sites)
msn - we allow google search via our own search form that enforces safe search
Sarg reports popular sites, and those are good candidates to block.

Squid has the ability to block some download types, and we do. They do not download videos or other "bad" content.





You really really need to look at the traffic to and from the internet
connection to see what is going on (and to know how your ISP measures)

If you've got a dumb ISP which simply measures traffic aimed at your box
then anyone who happens to have fallen out with the kids involved can
simply spew data at you. If it's a wireless link someone may well be
cracking that and using your bandwidth in bulk, it could be viruses on
the windows box - anything.

Until you look at the traffic you are doing the equivalent of trying to
work out where the water is coming from during a flood by measuring the
depth - yes it'll tell you that there is a problem, but it won't tell you
why..

There's some monitoring software which you can run that produces pretty graphs of your traffic. You can see when it happens.

summer Bandicoot:~$ apt-cache search ^mrtg
cfgstoragemaker - MRTG config generator for storage monitoring via SNMP
mrtg - multi router traffic grapher
mrtg-contrib - multi router traffic grapher (contributed files)
mrtg-ping-probe - Ping module for Multi Router Traffic Grapher
mrtg-rrd - The script for generating graphs for MRTG statistics
mrtgutils - Utilities to generate statistics for mrtg
summer Bandicoot:~$





--

Cheers
John

-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375

Please do not reply off-list
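
The default-deny setup described in the message above, sketched as Shorewall policy and rules files. This is an added example, not part of the original message or John's actual configuration. It assumes the zone names loc and net from Shorewall's two-interface sample, squid listening on port 3128 on the firewall itself, and 192.0.2.10 as a placeholder for an address ssh is allowed from; the smtp and inbound web rules mentioned in the message are left out.

```conf
# /etc/shorewall/policy  (default: nothing passes, coming or going)
#SOURCE   DEST   POLICY   LOG LEVEL
loc       net    REJECT   info
loc       $FW    REJECT   info
$FW       net    REJECT   info
net       all    DROP     info
all       all    REJECT   info

# /etc/shorewall/rules  (the exceptions, opened one at a time)
#ACTION   SOURCE           DEST   PROTO   DEST PORT(S)
# LAN clients may reach the squid proxy on the firewall (assumed port 3128)
ACCEPT    loc              $FW    tcp     3128
# Only the firewall, and therefore squid, talks http/https to the internet
ACCEPT    $FW              net    tcp     80,443
# UDP domain and ntp from the firewall to everywhere
ACCEPT    $FW              net    udp     53,123
# ssh out to anywhere, from the LAN and from the firewall
ACCEPT    loc              net    tcp     22
ACCEPT    $FW              net    tcp     22
# ssh in only from a place I may visit (placeholder address)
ACCEPT    net:192.0.2.10   $FW    tcp     22
```

With no loc-to-net rule for ports 80 or 443, a browser that bypasses the proxy is rejected by the loc/net policy and logged at level info, so the firewall log shows which LAN host attempted which connection.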

