Russ Kay wrote:
Well, I just got a phone call stating that my server has gone over its
monthly bandwidth limit by 2TB. Taking into account the amount of
bandwidth I used, there are 2.3TB of unaccounted activity. I did a few
checks to see what is going on (mainly to see if there are root kits
or sniffers). I checked the log and saw a lot of ssh activity (all
denials though). I am currently maxing out my pipe and need to stop
this. So my question is what should one actually do to see how his/her
box is compromised? What should I check, in which order should I check?
Well, first find out if you really are going over the limit or not, and
if the traffic is legitimate. I know when I was using Rackspace, I got
hit up for bandwidth of their backup system.