Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: cryblood on June 20, 2000, 02:15:11 AM

Title: HELP!! bandwidth HOG!!!
Post by: cryblood on June 20, 2000, 02:15:11 AM
I am having a major problem.  I am currently using e-smith 3.1 as an internet gateway where I work.  So far, it has worked GREAT!  Even Micro$oft boy (boss) is starting to like it; however, at the moment, I have a user (users?) who is causing some problems by snarfing ALL the bandwidth.  I was barely able to log onto here to enter this message (had to try 3 or 4 times).  I only have an ISDN (128k) here and the bandwidth is TOTALLY PEGGED!!!  Nobody else can do anything!  The head cheese (owner) is starting to get torked off about his e-mail being sluggish, lots of ppl are whining, and I can't seem to figure out WHO the culprit is!  Is there a way to find out what internal IPs are using the bandwidth?  Is that info in /proc somewhere?  I thought about getting a sniffer and trying to figure it out that way but I can't seem to get to the web site (let alone download the thing).

Anyway, any help would be appreciated.

cryblood
Title: RE: HELP!! bandwidth HOG!!!
Post by: cryblood on June 21, 2000, 12:30:01 AM
So... here's an update in case anyone is interested.

A wild guess found me the culprit.  Well... not SO wild, it turned out to be the same guy that crashed the file/mail server by filling up the filesystem with almost 2G of MP3 files just last week!  This time he was using one of those programs that pays you to surf the internet (please don't ask me, I certainly don't know how it works!)  Anyway, I am told that they get paid a penny or something for each link they click on.  SO... this joker set up a "BOT" on two of our corporate computers to automatically click from link to link to link... and so on... and so on... and left them running when he went home!  Those two BOTS managed to put our ISDN at 100% usage about 5 min after he left and kept it there till Micro$oft boy (boss) and I figured out what was going on and shut them down!

Now for the good part...  here are some tips on how to figure out who's online.  If anyone else has any better tips etc, PLEASE post them, this is the second time this info would have been utterly useful!

logged in as root,  do:

ipchains -M -L

This will give you a short list of whoever is using the IP masquerading at that time.  The lines look something like this:

TCP   14:59.99 pc-00155..com    

I don't really know what the port information means, but I suspect it is the local and destination ports that are in use.  To get the IP address out of this, you take your internal IP range (for example, 192.168.1.???) and plug in the 3 numbers that are just before your domain name (155 in the example line) to get the IP 192.168.1.155.  That is the IP of the person who is using masquerading, e.g. the internet.  Once you have the IP addresses, figure out who is using that IP address.  To do this, I used nbtstat on one of the win95 boxes:

get to the Command Prompt,
nbtstat -A <IP address>

this will give you the machine name as well as some other useless info.  That way, you can track down the individual people.

FINALLY,  being the mean-spirited @#%#@# I am, I added a couple of ipchains rules to the masq script (and the template) that kills the internet access for these two computers!  guess that's two users that will have to go to the head cheese (owner) and complain.  hehehe.  Here's how:

login as root (locally or using telnet if you are setup to)
cd /etc/e-smith/templates/etc/rc.d/init.d         (this gets you to the proper dir)
pico masq                                                   (I use pico cause it's easy & there)

now, find the ipchains lines in the masq file, you'll see:

    ipchains --flush  forward
    ipchains --policy forward DENY

directly after those two lines (before the "{" that is there) is where you would add rules to kill the internet access for specific IPs like this:

    ipchains -A forward -j DENY -s <internal IP to block> -d 0/0

now, save the file and go to the "real" init.d directory and do the same to the masq file in there,

cd /etc/rc.d/init.d
pico masq

this time there will be a rule there instead of an "{",  put the new rules between the two above and this MASQ rule.  It IS very important to get the order right.

once that file is saved, do a

./masq start

to re-start masq and read the new rules.

do a:

ipchains -L

to check that your rules worked, also go to the pc and make sure it indeed doesn't have access.

BTW!  I AM NOT RESPONSIBLE IF THIS GETS YOU FIRED!!!  This isn't something to do without understanding the consequences first!

cryblood  

PS, feel free to e-mail me with any comments, but be prepared for a flame if you send me crap about "Freedom".  Users do NOT have the right to crash a corporate LAN with irresponsible internetting!!!
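
An added example, not part of cryblood's post: a shell filter that counts masquerade-table entries per internal source, so the busiest hosts surface without guessing. It assumes the `ipchains -M -L -n` column layout shown in the constructed sample (`-n` prints addresses instead of host names); the function names and sample rows are made up for illustration, and entry count is only a rough proxy for bandwidth.

```shell
#!/bin/sh
# Tally masqueraded connections per internal source address.
# Assumed input columns (layout of `ipchains -M -L -n`):
#   prot  expire  source  destination  sport (masq-port) -> dport

# Constructed sample table, not captured from a real gateway.
sample_masq_table() {
cat <<'EOF'
IP masquerading entries
prot expire   source               destination          ports
TCP  14:59.99 192.168.1.155        203.0.113.10         1025 (61001) -> 80
TCP  14:58.12 192.168.1.155        203.0.113.11         1026 (61002) -> 80
TCP  14:57.40 192.168.1.156        198.51.100.7         1031 (61003) -> 80
TCP  14:57.01 192.168.1.155        203.0.113.12         1027 (61004) -> 80
UDP  00:42.10 192.168.1.20         198.51.100.53        1040 (61005) -> 53
TCP  14:56.33 192.168.1.156        198.51.100.8         1032 (61006) -> 80
TCP  14:55.90 192.168.1.155        203.0.113.13         1028 (61007) -> 80
TCP  14:55.02 192.168.1.156        198.51.100.9         1033 (61008) -> 80
EOF
}

# Print "count source", busiest internal host first.
# Header lines are skipped because their first field is not a protocol.
top_masq_sources() {
    awk 'toupper($1) ~ /^(TCP|UDP|ICMP)$/ { n[$3]++ }
         END { for (s in n) print n[s], s }' | sort -k1,1nr -k2,2
}

# Print only the sources holding at least $1 masquerade entries.
masq_sources_over() {
    top_masq_sources | awk -v min="$1" '$1 >= min { print $2 }'
}

# On the gateway itself (as root): ipchains -M -L -n | top_masq_sources
sample_masq_table | top_masq_sources
```
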
Title: RE: HELP!! bandwidth HOG!!!
Post by: Mike Stoddart on June 21, 2000, 08:00:56 AM
Wow! Personally I'd fire the bugger on the spot for misuse of computer resources! But well tracked down I say! Wonder if that sort of info could be added to the E-Smith Manager as a reporting page?
Title: RE: HELP!! bandwidth HOG!!!
Post by: Michael Regan on June 22, 2000, 05:08:18 AM
This is a great example of one of the things we try to get across to our customers. Connecting to the internet is the proverbial double-edged sword. It gives your employees a chance to be more productive or to waste time and resources.

The sad part is, unless your company had an Internet usage policy there is probably not much you can do.
Title: RE: HELP!! bandwidth HOG!!!
Post by: Kim Morrison on June 22, 2000, 05:40:49 AM
Michael Regan wrote:

> The sad part is, unless your company had an Internet usage
> policy there is probably not much you can do.

I come from a different perspective on this.  I personally don't believe in Internet usage policies - I feel that they miss the point.  

I believe it all comes down to performance.  If this person is surfing and downloading files, they clearly aren't doing their job.  Appropriate "shepherding" of company resources is another dimension of job performance and if this person is grossly mis-using any company resource, then you doubly have a performance problem.  This person fails on both counts.   With some good documentation and clear expectation setting, a good manager can fire anyone who isn't performing their job.  

The "crime" is in failing to do the job, not in using the internet for personal usage.  A policy is better when it's directly related with the "crime", rather than being "one off" the mark.  The same reasoning that leads to an internet usage policy would also lead to a phone policy, a "not going to the bathroom too often" policy, and a "no personal conversations at work" policy.

By staying focused on performance, you hold people accountable for their output and don't get caught up on limiting specific freedoms that *might*  be a temptation for poor performance.   Policies are not an adequate substitute for managers able to manage performance.

I've seen organizations damage their culture and become heavily bureaucratic through the implementation of such "off-the-mark" policies that attempt to control too many freedoms of their employees.  

Guess I feel pretty strongly about it since I wrote so much on it. :)

Best Regards,

Kim Morrison
COO, e-smith, inc.
Title: RE: HELP!! bandwidth HOG!!!
Post by: Mike Stoddart on June 23, 2000, 03:05:10 AM
Would it be possible to provide a bandwidth configuration option on a per-user basis?

Also, is it possible to restrict disk usage on a per user basis, and also on uploaded ftp files?

Thanks
Title: RE: HELP!! bandwidth HOG!!!
Post by: cryblood on June 25, 2000, 03:04:13 AM
In my case, it looks like the company I work for is gonna totally wimp out and pat the guy on the head and say "don't do that anymore... ok??"  On top of that, the guy responsible for all this STILL says that he doesn't see why he shouldn't be allowed to use the internet connection any way he sees fit.  The company IS going to write a "proper use policy", something that I've been kinda pushing them to do for 8mo. now.  Unfortunately, it will all sound reactionary instead of common sense.  IMHO the time to write a proper use policy is when everyone is happily working along fine.  Then, you write a document that sounds like a "no duh" to everyone.  That way, when you have someone bringing in illegal software from home, you just point it out that that is against policy, a no brainer.  Instead, I have to fight with people to get them to remove illegal software from corporate computers because they "just don't understand what's wrong with it" and I have to get MY @55 reamed because some jerk-off crashes the e-mail system.  Then, not even a week later, downs the internet access for the 3 hours it takes me to find him, get security to let me into his office, and figure out what the heck is going on because he has 2 computers that are AUTOMATICALLY surfing the internet getting PAID so much per link they click on while this guy is at home with his damn feet up relaxing.  WASTING COMPANY RESOURCES, mainly my time, but also the company owner's time cause he needs to look some things up and send some e-mail before he goes home.

I still believe that ALL of this would have been avoided by a well written, common sense, proper use policy.  One stating that, because of legal issues, outside software is NOT to be installed without proper authorization from the MIS department, and that the internet access is to be used for company business only.  That way, we have a policy to point at when somebody says "why shouldn't I be allowed to put 1.5G (yes... that's G as in GIG of probably illegal) mp3 files on the server?"

Sorry if I'm unloading, but I'm MEGA frustrated about all this, it seems like the company STILL thinks it's my fault regardless.  I guess I should be happy, I'm outa here in about a week (going to a new job) and all those people who don't like me will have to put up with my legacy.  The boss is having me restrict ALL internet access to e-mail and a very few, company related web sites!  hehe... revenge is sweet, I'm even staying a few days longer just to make sure the job is done right...

cryblood