JS Koh
Resolved
0 votes
Didn't touch the server setup for the past few months. It was working perfectly fine. Today there's no connection to the internet. Samba is working perfectly fine. Tested the modem direct to the PC and it is working perfectly fine. Checked the log in the modem. Noticed a huge amount transferred out from the server. The webpage server responds slowly. Currently using ClearOS 7. ProLiant ML150 Gen9
In Support
Wednesday, May 30 2018, 07:00 PM
Responses (7)
  • Accepted Answer

    Thursday, May 31 2018, 08:07 AM - #Permalink
    Resolved
    0 votes
    Can I ask if you are running your cctv on default settings? There was something published last year which showed many cameras came with easy access on by default and even some deliberate back doors open by default. Many cameras were being hijacked and could be used for other purposes than intended such as launching DDoS attacks. There was a big release of firmwares from the manufacturers to counter this.

    The general suggestions are:
    1 - Change the master Password
    2 - Change the default port (but remember to change your port forward)
    3 - Look for any access settings not needed and turn them off.

    I go one stage further for my camera. I do not allow internet access, but I can still access it from the internet! I use OpenVPN to connect to my server, then I can access the camera as if I am on the LAN.
  • Accepted Answer

    JS Koh
    Wednesday, May 30 2018, 09:31 PM - #Permalink
    Resolved
    0 votes
    Noted with thanks. Somehow it worked after close and open. For now, will observe any changes and let it run for the night. If any log could help find the cause of this problem, that would be great. Appreciate the help.
  • Accepted Answer

    Wednesday, May 30 2018, 09:16 PM - #Permalink
    Resolved
    0 votes
    I'm going to have to shut down now for the night.

    Have a look at the Network Visualiser report and see if you can identify any sources on your LAN sending out a lot of traffic.
  • Accepted Answer

    JS Koh
    Wednesday, May 30 2018, 08:58 PM - #Permalink
    Resolved
    0 votes
    Done shutting down the cctv. Seems like the traffic from the server has slowed down from the look at the modem before the cctv turned off. I am able to ping other PCs. But unable to ping the default gateway/modem.


    02:00.0 Ethernet controller: Broadcom Limited NetXtreme BCM5717 Gigabit Ethernet PCIe (rev 20)
    Subsystem: Hewlett-Packard Company Device 22bd
    Kernel driver in use: tg3
    Kernel modules: tg3
    02:00.1 Ethernet controller: Broadcom Limited NetXtreme BCM5717 Gigabit Ethernet PCIe (rev 20)
    Subsystem: Hewlett-Packard Company Device 22bd
    Kernel driver in use: tg3
    Kernel modules: tg3
  • Accepted Answer

    Wednesday, May 30 2018, 08:45 PM - #Permalink
    Resolved
    0 votes
    Can you stop the cctv for the moment or close the port forward?

    What is the output to:
    lspci -k | grep Eth -A 3
  • Accepted Answer

    JS Koh
    Wednesday, May 30 2018, 08:13 PM - #Permalink
    Resolved
    0 votes
    Only for the cctv. Other than that none.

    Chain INPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
    0 0 DROP all -- eno2 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- eno2 * 169.254.0.0/16 0.0.0.0/0
    663 109K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    2418 257K ACCEPT all -- eno1 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    0 0 ACCEPT udp -- eno2 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT tcp -- eno2 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
    0 0 ACCEPT udp -- eno2 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
    0 0 ACCEPT tcp -- eno2 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
    0 0 ACCEPT tcp -- * eno1 0.0.0.0/0 192.168.0.23 3 tcp dpt:8001
    0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- eno1 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
    663 109K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    1858 1721K ACCEPT all -- * eno1 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT icmp -- * eno2 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * eno2 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- * eno2 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
    0 0 ACCEPT all -- * eno2 0.0.0.0/0 0.0.0.0/0

    Chain DROP-lan (0 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
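Added example, not part of the thread: two awk helpers that read `iptables -nvL` output, list the FORWARD rules that expose a single LAN host on a port (the kind of rule the cctv forward creates) and total the OUTPUT byte counters per interface. The function names and the sample rules (including the address 192.168.0.50) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -nvL` output read from stdin.

# Print "host port pkts" for each FORWARD ACCEPT rule that names one
# destination address and a dpt: match, i.e. an inbound port forward.
list_port_forwards() {
    awk '
        $1 == "Chain" { chain = $2; next }      # remember the current chain
        chain == "FORWARD" && $3 == "ACCEPT" && $9 != "0.0.0.0/0" {
            for (i = 10; i <= NF; i++)
                if ($i ~ /^dpts?:/) {
                    sub(/^dpts?:/, "", $i)
                    print $9, $i, $1
                }
        }'
}

# Total the byte counters of OUTPUT ACCEPT rules per outgoing interface.
# iptables -v abbreviates counters with K/M/G suffixes (powers of 1000).
output_bytes_by_iface() {
    awk '
        function expand(v,   n) {
            n = v + 0
            if (v ~ /K$/) n *= 1000
            else if (v ~ /M$/) n *= 1000000
            else if (v ~ /G$/) n *= 1000000000
            return n
        }
        $1 == "Chain" { chain = $2; next }
        chain == "OUTPUT" && $3 == "ACCEPT" { total[$7] += expand($2) }
        END { for (i in total) if (total[i] > 0) printf "%s %.0f\n", i, total[i] }' | sort
}

# Constructed sample modelled on the layout of the output posted above.
sample_rules() {
    cat <<'EOF'
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- * eno1 0.0.0.0/0 192.168.0.50 tcp dpt:8001
    0     0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  663  109K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
 1858 1721K ACCEPT all -- * eno1 0.0.0.0/0 0.0.0.0/0
    0     0 ACCEPT all -- * eno2 0.0.0.0/0 0.0.0.0/0
EOF
}

# Demo on the sample; on a live system pipe in `iptables -nvL` instead.
sample_rules | list_port_forwards
sample_rules | output_bytes_by_iface
```

Running both helpers again a few minutes apart shows which counters are still climbing, since the figures are cumulative since the rules were loaded.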
  • Accepted Answer

    Wednesday, May 30 2018, 07:49 PM - #Permalink
    Resolved
    0 votes
    From your modem logs do you see any sign of the destination port numbers? If it is port 25 please stop the SMTP server immediately and post back. If you can identify http/https (outgoing from port 80/443) please stop your web server and post back.

    Please also close incoming port 22 (SSH) if it is open.

    Then have a look at your logs, especially the maillog and the various httpd logs.

    If you get the chance, what is the output of
    iptables -nvL
    Please put the results between "code" tags (the piece of paper icon with a <> on it).