how to track down data transfers? or, account compromised?
i purchased a linode almost one year ago and have sat on it (been too busy with other things).
immediately after i purchased my linode i installed debian. then i left it.
today i logged into my linode thinking i'd actually start using it. however, when i checked the "Network Traffic History" i saw this:
Month     MB Sent   MB Received   Total MB Transferred
3/2004       4.02         70.08                  74.11
4/2004      12.82         82.86                  95.68
5/2004      45.69         91.67                 137.36
6/2004       3.67         21.09                  24.75
7/2004       2.74         22.67                  25.40
8/2004       2.74         27.49                  30.23
9/2004       6.44         30.25                  36.69
10/2004      2.80         21.59                  24.38
11/2004      3.14         24.90                  28.05
12/2004      5.30         37.51                  42.80
1/2005       4.34         48.42                  52.76
2/2005       4.42         41.73                  46.16
3/2005        .90          9.35                  10.25
where would one look to attempt to id the above data transfers?
thanks,
david
3 Replies
@besonen:
when i checked the "Network Traffic History" i saw this:
@besonen:
1/2005 4.34 48.42 52.76
2/2005 4.42 41.73 46.16
3/2005 .90 9.35 10.25
where would one look to attempt to id the above data transfers?
I don't know if there is anywhere you can look for history on what it was, but I can tell you that's really not much traffic. It's probably just random port scans, dhcp and dns traffic, etc.
kenny
@kenny:
I don't know if there is anywhere you can look for history on what it was, but I can tell you that's really not much traffic. It's probably just random port scans, dhcp and dns traffic, etc.
kenny
thanks for replying.
you know, i was actually wondering if this could be the case. especially because i haven't noticed any other unusual account activity.
still, i'm surprised that random incidental traffic on a new unused unadvertised account can transact over 100 megs a month.
what's the simplest way for me to capture all the traffic for one month to see what's going on?
ciao,
david
Captures and displays all traffic in real time. You should be able to log the data to file, but it will create some very large files.
Adam
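A lighter alternative to a month of full packet capture, added here as an example and not part of the thread: log only packet headers with a netfilter LOG rule and total the bytes per service and per source. The `ACCT ` prefix, the rule shown in the comment, the port heuristic and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: kernel netfilter LOG lines, as written by an assumed rule
#   iptables -I INPUT -j LOG --log-prefix "ACCT "
SAMPLE_LOG = """\
Mar  5 10:00:01 li1 kernel: ACCT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 10:00:09 li1 kernel: ACCT IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  5 10:01:30 li1 kernel: ACCT IN=eth0 OUT= SRC=203.0.113.53 DST=192.0.2.10 LEN=128 TOS=0x00 PREC=0x00 TTL=60 ID=9 PROTO=UDP SPT=53 DPT=33012 LEN=108
Mar  5 10:02:00 li1 kernel: ACCT IN=eth0 OUT= SRC=198.51.100.99 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=77 DF PROTO=TCP SPT=2201 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  5 10:03:00 li1 kernel: ACCT IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=1
Mar  5 10:03:05 li1 sshd[812]: unrelated line that must be ignored
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="ACCT "):
    """Return (src, proto, service_port, ip_bytes), or None for other lines."""
    if prefix not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split(prefix, 1)[1]):
        fields.setdefault(key, value)  # first LEN is the IP length; UDP adds a second
    if not {"SRC", "PROTO", "LEN"} <= fields.keys():
        return None
    ports = [int(fields[k]) for k in ("SPT", "DPT") if k in fields]
    # Heuristic (assumption): a port below 1024 on either side names the service;
    # otherwise use the destination port. ICMP has no ports, so the port is None.
    well_known = [p for p in ports if p < 1024]
    port = min(well_known) if well_known else (ports[-1] if ports else None)
    return fields["SRC"], fields["PROTO"], port, int(fields["LEN"])

def summarize(lines):
    """Total IP bytes per (proto, service_port) and per source address."""
    by_service, by_source = Counter(), Counter()
    for src, proto, port, size in filter(None, map(parse_line, lines)):
        by_service[(proto, port)] += size
        by_source[src] += size
    return by_service, by_source

if __name__ == "__main__":
    services, sources = summarize(SAMPLE_LOG.splitlines())
    for (proto, port), size in services.most_common():
        print(f"{proto:5} {str(port):>6} {size:>8} bytes")
    for src, size in sources.most_common(3):
        print(f"{src:15} {size:>8} bytes")
```

A rule on INPUT only accounts for received traffic; a matching rule on OUTPUT would be needed to cover the "MB Sent" column as well.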