[H-GEN] tracking network usage

Johann Kwiatkowski johann at spot-the-dog.com
Tue Sep 16 07:50:19 EDT 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Hi,
  hopefully this is relevant enough for the list. My problem comes down
to my ISP charging me for approximately for 13gigs of download on a plan
that charges by the megabyte, hence I recieved an expensive bill :( . 

My first thought was that I had been hacked (the internet connection is
adsl and runs my email server, running redhat 8.0). Now, I have been
hacked before, about the time when I was first learning about email
servers and things, and was a bit naive about security. Well that taught
me to take security a lot more seriously, so I tigthen my server as best
as I can. 

So here I am, and I have checked the server, and so far I can not find
any signs of intrusion. (I checked for altered files like hosts.allow,
looked for unsual files, have gone through all my log files etc). I also
asked my isp if they log uplaods, which would have helped if someone was
bouncing off my server, but they do not. I have also asked the ISP in
question to lookin into it, but the feeling I get from the help desk is
that their computers don't make mistakes, the fault is all my (which I
am willing to accept if it is). Now I also have 4 machines behind my
email server. I have checked all the machines too (2 x redhat 9
machines, 1 debian and 1 windows 98) and they all seem fine too.

To get to the point, any ideas where I can proceed from here ( even if I
have made an error somewhere, I would really like to know where 13 gigs
of data has gone! over a two week period) , or should I just notch this
up to a bad experience, reinstall and start again. What advice can ppl
give me to increase my logging capabilities too, so that I have a very
good idea (instead of just the standard install that redhat puts in) of
what goes in and out of my gateway machine?


thanks in advance

Johann


-- 
Johann Kwiatkowski <johann at spot-the-dog.com>
Spot The Dog Graphics P/L


--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list