Welcome To suyashjain.blogspot.com


Monday, December 22, 2008

Cacti & iptables

#!/usr/bin/perl
#
# This is a quick perl script to
# pull bandwidth usage from iptables chains
#
# If you use/optimize this script, please let me know.
# Brian Stanback : brian [at] stanback [dot] net

# Example iptables rule for web bandwidth usage:
# > iptables -N WWW
# > iptables -A WWW -j ACCEPT
# > iptables -A INPUT -p tcp -m tcp --dport 80 -j WWW
# > iptables -A OUTPUT -p tcp -m tcp --sport 80 -j WWW
#
# Run "iptables.pl WWW" as root to test, note that you can
# combine more than one protocol into a single chain.
#
# Sudo Configuration (/etc/sudoers)
# > www-data    ALL = NOPASSWD: /usr/share/cacti/scripts/iptables.pl
#
# The Input String should be set to "sudo <path_cacti>/scripts/iptables.pl <chain>"
# and you will need to set up an input field so that the <chain> argument can be passed.
#
# The data input type should be set to COUNTER
#

use strict;
use warnings;

my $chain = $ARGV[0];

# The script runs as root through sudo and the chain name is placed in a
# shell command, so accept only plain chain names (letters, digits, _ and -).
if (defined $chain && $chain =~ /^[A-Za-z0-9_-]+\z/) {
        my $chains = `/sbin/iptables -xnvL | grep -A 2 'Chain $chain'`;
        my @chains = split(/\n/, $chains);
        # Line 0 is the "Chain ..." header, line 1 the column titles and
        # line 2 the first rule ("pkts bytes target ..."): capture the bytes column.
        if (defined $chains[2] && $chains[2] =~ /[\W+]?[0-9]+\W+([0-9]+)\W+/) {
                print $1;
        }
} else {
        print "Usage: $0 Chain\n";
}
 
http://rodotelmi.rebstech.com/2008/06/30/cacti-with-iptablesipfw-traffic-monitoring/
 
 

Monday, December 15, 2008

Ossec - What Exactly it is

Ossec - Open Source Host Intrusion Detection System

Thursday, December 11, 2008

Hiding the apache Identity

To hide the version and other information about the Apache server that can be
retrieved through the headers of a request,
put the following lines in your Apache httpd.conf file.


RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
ServerSignature off
ServerTokens Prod

With these lines you are hiding the signature of Apache, and the
Server header will only display 'Apache'. The RewriteCond/RewriteRule
pair additionally answers TRACE requests with 403 Forbidden.

How to Block Torrent in Network

Torrent works on the basis of seeds and peers (the other computers that connect to your client application to send or receive files).

The seed and peer information is provided to your client by the torrent tracker server, which is named in the .torrent file you downloaded from a torrent site.

Your torrent client reads the .torrent file and connects to the torrent tracker server on port 6881-7000/tcp or 2710/tcp over the HTTP protocol, and the tracker server provides the list of all other client computers that are currently connected and have the full or partial file which you want to download.

Then your client application (torrent client) connects to those other client machines (torrent client applications) and starts transferring the data.

To block torrent in your network, you can take the following two actions.

1. Do not allow "NEW" incoming packets in your network.

2. Block ports 6881-7000/tcp and 2710/tcp for outgoing traffic so that your client application (torrent client) cannot connect to the tracker server and get the information about other systems.

If your client (torrent application) does not get the information about other systems in the world, it will not be able to download the files.

This is what you want to do.....
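The two actions above written out as iptables rules. This is an added example and not part of the original post. It assumes a Linux gateway that forwards the network's traffic, with eth0 as the Internet side and eth1 as the LAN side; the chain name TORRENT_BLOCK and the log prefix are made up for the example.

```shell
#!/bin/sh
# Added example: gateway rules for the two actions described in the post.
# Assumptions (not from the post): traffic is forwarded by this box,
# WAN_IF faces the Internet, LAN_IF faces the internal network.
WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"

# Print the rules in iptables-restore format so they can be reviewed
# or syntax-checked before anything is loaded into the kernel.
torrent_block_rules() {
    cat <<EOF
*filter
:TORRENT_BLOCK - [0:0]
# Replies to connections the LAN opened itself stay allowed.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Action 1: no "NEW" connections from outside into the network.
-A FORWARD -i $WAN_IF -o $LAN_IF -m conntrack --ctstate NEW -j DROP
# Action 2: no outgoing connections to the tracker ports.
-A FORWARD -i $LAN_IF -o $WAN_IF -p tcp -m multiport --dports 6881:7000,2710 -j TORRENT_BLOCK
# Log the attempt (shows which LAN host tried), then refuse it.
-A TORRENT_BLOCK -m limit --limit 6/min -j LOG --log-prefix "torrent-block: "
-A TORRENT_BLOCK -p tcp -j REJECT --reject-with tcp-reset
COMMIT
EOF
}

case "${1:-}" in
    # Syntax check only, nothing is changed (needs root).
    check) torrent_block_rules | iptables-restore --test ;;
    # Append to the running rule set without flushing it (needs root).
    apply) torrent_block_rules | iptables-restore --noflush ;;
    # Default: just print the rules.
    *)     torrent_block_rules ;;
esac
```

The rules are appended, so an earlier ACCEPT rule already in the FORWARD chain would still match first; check the final order with iptables -xnvL FORWARD.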

Cheer Up !!

Your comments and experience are most welcome.