Originally Posted by jcombs_31
I have a slackware 10 box set up at home running as a web/ftp/database/ssh server. I have noticed that it is getting hammered on my network. I have a simple hardware firwewall (wireless router) that has only the necessary ports open for the current services I'm running. I would assume it's something either through my mail or web that is hogging lots of bandwidth but I don't know how to pinpoint or stop it. Any good suggestions on where to go from here?
Too general of a question without reference information!
First, what do mean by hammered? Someone port scanning you? How did you find this out?
I would first try to see how your security is set. Try a service like 'Steve Gibson's' www.grc.com
. Check to see what is exposed.
How your system is responding to inquiries from the internet.
Do you have tripwire or chroot running? Could you have been cracked already? Maybe someone has already scripted you and using you as a POS for attacks therefore hogging your services.
I'd like to help but can't without information.
As for the 'simple hardware firewall (wireless router)' how is it connected to the internet? Via cable,dsl or what? By chance do you have it set with DMZ?