Alan Cox wrote:
Gkrellm seems to keep an accurate reading of what I am using in this
computer, both upload and download so I don't think I am causing the
problem and it seems to have restarted since I re-enabled the kids XP box.
Any suggestions as to what to look for will be appreciated.
I would (and do) install my own firewall. I use shorewall, often on
Debian (as I just mentioned in another thread)m but I also have one on
CentOS4.
There's no reason you can't do it on you Fedora box, and with your
hardware I would.
I would explicitly block everything, coming and going, and allow what I
must. Require them to use your proxy for web access.
Typically I allow ssh to anywhere, from only places I may visit, smtp to
everywhere, from everywhere except those who've offended my (mostly
Chinese universities, bot not all Asian, some are in Europe or between).
http{,s} to.from everywhere, UDP domain and ntp to everywhere.
I watch the logs, and open other stuff when I need.
Like you, I need to control some teenagers (I do it a school for "youth
at risk.") I run squid (also caches stuff, reduces downloads) and
squidguard with some publicly-available blocklists, plus our own lists.
Amongst sites we block that come to mind:
proxy.org
facebook
youtube
Any other social/chat sites we notice
Numeric IP addresses (blocks google cache and other sites)
msn - we allow google search via our own search form that enforces safe
search
Sarg reports popular sites, and those are good candidates to block.
Squid has the ability to block some download types, and we do. They do
not download videos or other "bad" content.
You really really need to look at the traffic to and from the internet
connection to see what is going on (and to know how your ISP measures)
If you've got a dumb ISP which simply measures traffic aimed at your box
then anyone who happens to have fallen out with the kids involved can
simply spew data at you. If its a wireless link someone may well be
cracking that and using your bandwidth in bulk, it could be viruses on
the windows box - anything.
Until you look at the traffic you are doing the equivalent of trying to
work out where the water is coming from during a flood by measuring the
depth - yes it'll tell you that there is a problem, but it won't tell you
why..
There's some monitoring software which you can run that produces pretty
graphs of your traffic. You can see when it happens.
summer@Bandicoot:~$ apt-cache search ^mrtg
cfgstoragemaker - MRTG config generator for storage monitoring via SNMP
mrtg - multi router traffic grapher
mrtg-contrib - multi router traffic grapher (contributed files)
mrtg-ping-probe - Ping module for Multi Router Traffic Grapher
mrtg-rrd - The script for generating graphs for MRTG statistics
mrtgutils - Utilities to generate statistics for mrtg
summer@Bandicoot:~$
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
