On Thursday 26 June 2008 12:39:55 Chris Downie wrote:
> What should I be looking for and what can I put in place to track what is
> downloading and where it's coming from?

ntop [1] will give you a comprehensive overview of what's happening.

There was an SSH brute-force attack slithering around the 'Net a few weeks ago. You may well be a victim of that, because the symptoms you describe are very similar to what I suffered.

I'd suggest that you protect every protectable open port with certificates, and close the rest. An nmap [2] scan from outside your net will tell you about any remaining open ports you may have missed.

I'm a convert to the pfSense [3] firewall too.

[1] http://www.ntop.org/
[2] http://nmap.org/
[3] http://pfsense.org/

--
Sincerely etc.,
Christopher Sawtell
