Didn't touch the server setup for the past few months. It was working perfectly fine. Today there's no connection to the internet. Samba is working perfectly fine. Tested the modem direct to a PC and it is working perfectly fine. Checking the log in the modem, I noticed a huge amount of transfer out from the server. The webpage server responds slowly. Currently using ClearOS 7. ProLiant ML150 Gen9
-
Can I ask if you are running your CCTV on default settings? There was something published last year which showed many cameras came with easy access on by default and even some deliberate back doors open by default. Many cameras were being hijacked and could be used for other purposes than intended, such as launching DDoS attacks. There was a big release of firmware from the manufacturers to counter this.
The general suggestions are:
1 - Change the master password
2 - Change the default port (but remember to change your port forward)
3 - Look for any access settings not needed and turn them off.
I go one stage further for my camera. I do not allow internet access, but I can still access it from the internet! I use OpenVPN to connect to my server, then I can access the camera as if I am on the LAN.
-
Done shutting down the CCTV. Seems like the traffic from the server has slowed down, from the look of the modem, compared with before the CCTV was turned off. I am able to ping other PCs, but unable to ping the default gateway/modem.
02:00.0 Ethernet controller: Broadcom Limited NetXtreme BCM5717 Gigabit Ethernet PCIe (rev 20)
Subsystem: Hewlett-Packard Company Device 22bd
Kernel driver in use: tg3
Kernel modules: tg3
02:00.1 Ethernet controller: Broadcom Limited NetXtreme BCM5717 Gigabit Ethernet PCIe (rev 20)
Subsystem: Hewlett-Packard Company Device 22bd
Kernel driver in use: tg3
Kernel modules: tg3
-
Only for the cctv. Other than that none.
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
0 0 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
0 0 DROP all -- eno2 * 127.0.0.0/8 0.0.0.0/0
0 0 DROP all -- eno2 * 169.254.0.0/16 0.0.0.0/0
663 109K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
2418 257K ACCEPT all -- eno1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT udp -- eno2 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
0 0 ACCEPT tcp -- eno2 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
0 0 ACCEPT udp -- eno2 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- eno2 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_INGRESS src
0 0 ACCEPT tcp -- * eno1 0.0.0.0/0 192.168.0.23 3 tcp dpt:8001
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- eno1 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_SELF src,dst,dst
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set snortsam_EGRESS dst
663 109K ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
1858 1721K ACCEPT all -- * eno1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- * eno2 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT udp -- * eno2 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
0 0 ACCEPT tcp -- * eno2 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
0 0 ACCEPT all -- * eno2 0.0.0.0/0 0.0.0.0/0
Chain DROP-lan (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
-
From your modem logs do you see any sign of the destination port numbers? If it is port 25 please stop the SMTP server immediately and post back. If you can identify http/https (outgoing from port 80/443) please stop your web server and post back.
Please also close incoming port 22 (SSH) if it is open.
Then have a look at your logs, especially the maillog and the various httpd logs.
If you get the chance, what is the output of
iptables -nvL
Please put the results between "code" tags (the piece of paper icon with a <> on it).
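
Added example, not part of the original thread and not ClearOS code: one way to read an `iptables -nvL` listing like the one posted above, totalling the hit counters per interface and listing every port forward to a LAN host. The function names `audit_iptables` and `sample_listing`, the address 192.168.0.50 and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `iptables -nvL` output read on stdin.
# Real use (as root): iptables -nvL | audit_iptables
audit_iptables() {
  awk '
    # Expand iptables counter suffixes (K, M, G are powers of 1000).
    function num(v,  u) {
      u = substr(v, length(v))
      if (u == "K") return substr(v, 1, length(v) - 1) * 1000
      if (u == "M") return substr(v, 1, length(v) - 1) * 1000000
      if (u == "G") return substr(v, 1, length(v) - 1) * 1000000000
      return v + 0
    }
    $1 == "Chain" { chain = $2; next }       # remember the current chain
    $1 == "pkts" || NF < 9 { next }          # skip column headers and blanks
    {
      # Fields: pkts bytes target prot opt in out source destination [match]
      if ($6 != "*") { pk["in " $6] += num($1); by["in " $6] += num($2) }
      if ($7 != "*") { pk["out " $7] += num($1); by["out " $7] += num($2) }
      # A FORWARD ACCEPT to one host with a dpt match is a port forward.
      if (chain == "FORWARD" && $3 == "ACCEPT" && $9 != "0.0.0.0/0")
        for (i = 10; i <= NF; i++)
          if ($i ~ /^dpts?:/)
            printf "FORWARD-TO %s %s %s hits=%d\n", $9, $4, $i, num($1)
    }
    END { for (k in pk) printf "IFACE %s pkts=%d bytes=%.0f\n", k, pk[k], by[k] }
  ' | sort
}

# Constructed sample in the format of the listing above (not real data).
sample_listing() {
  cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
663 109K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2418 257K ACCEPT all -- eno1 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT icmp -- eno2 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * eno1 0.0.0.0/0 192.168.0.50 tcp dpt:8001
0 0 ACCEPT all -- eno1 * 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
1858 1721K ACCEPT all -- * eno1 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * eno2 0.0.0.0/0 0.0.0.0/0
EOF
}

sample_listing | audit_iptables
```

An interface whose totals are all zero has matched no packets since the counters were last reset, and each FORWARD-TO line is a LAN device reachable through the firewall.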