How secure is your VPS traffic?

Now, I’m under no illusion that any unencrypted network traffic to and from my VPS is secure. A whole bunch of people could sniff it if they wanted to - the NOC, system admins, network admins …

However, I was quite surprised at what I found with one of my VPSs earlier this week. I installed a program called vnstat to monitor how much network bandwidth I was using. vnstat is a small, neat text-based program that’s ideal for a VPS with limited memory.

One of my VPSs was showing way more inbound traffic than I expected. I’m not really using this VPS for much at the minute but was seeing about 1-2mb/s of inbound traffic.

So I fired up tcpdump and iptraf and was surprised to see a whole bunch of unicast traffic not destined for my VPS. I could see www, mysql, kermit, smtp… for other machines which I assume are located on the same Xen host as my VPS.

This doesn’t happen on other Xen VPSs that I’ve got with other providers, so I can only assume that a network card somewhere is configured in promiscuous mode that shouldn’t be.

I’ve contacted the VPS provider and he says this isn’t the case, but obviously something’s wrong somewhere.

If your data’s important you should be encrypting it, but I bet there’s a lot of sensitive stuff floating around that still isn’t.
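To put a number on the kind of traffic described above, the following added example (not part of the original post) parses `tcpdump -e -n` output and counts unicast frames that the VPS's own interface neither sent nor was addressed to. The MAC addresses, IPs and capture lines are constructed sample data, and the function names are hypothetical.

```python
import re
from collections import Counter

# Link-level header printed by tcpdump -e:
#   <time> <src mac> > <dst mac>, ethertype IPv4 (0x0800), length N: ...
MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(
    rf"^\S+ (?P<src>{MAC}) > (?P<dst>{MAC}), "
    r"ethertype \S+ \(0x[0-9a-f]+\), length (?P<len>\d+): "
)

def is_unicast(mac):
    # Low bit of the first octet is the group bit (broadcast/multicast).
    return int(mac.split(":")[0], 16) & 1 == 0

def foreign_unicast(lines, own_mac):
    """Return (frames, bytes, per-destination Counter) for unicast frames
    that this interface neither sent nor was the destination of."""
    own = own_mac.lower()
    frames = size = 0
    per_dst = Counter()
    for line in lines:
        m = FRAME.match(line.strip().lower())
        if not m:
            continue  # line has no link-level header
        src, dst = m["src"], m["dst"]
        if own in (src, dst) or not is_unicast(dst):
            continue  # our own traffic, or broadcast/multicast
        frames += 1
        size += int(m["len"])
        per_dst[dst] += 1
    return frames, size, per_dst

# Constructed sample capture; own interface is assumed to be 00:16:3e:00:00:aa.
SAMPLE = """\
10:00:00.000001 00:16:3e:00:00:01 > 00:16:3e:00:00:aa, ethertype IPv4 (0x0800), length 74: 192.0.2.50.40112 > 192.0.2.10.22: Flags [S], length 0
10:00:00.000002 00:16:3e:00:00:01 > 00:16:3e:00:00:bb, ethertype IPv4 (0x0800), length 1514: 192.0.2.60.51000 > 192.0.2.20.3306: Flags [P.], length 1448
10:00:00.000003 00:16:3e:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.20 tell 192.0.2.1, length 28
10:00:00.000004 00:16:3e:00:00:01 > 00:16:3e:00:00:cc, ethertype IPv4 (0x0800), length 90: 192.0.2.61.51001 > 192.0.2.30.25: Flags [P.], length 24
10:00:00.000005 00:16:3e:00:00:aa > 00:16:3e:00:00:01, ethertype IPv4 (0x0800), length 66: 192.0.2.10.22 > 192.0.2.50.40112: Flags [S.], length 0
""".splitlines()

if __name__ == "__main__":
    n, b, dsts = foreign_unicast(SAMPLE, "00:16:3e:00:00:aa")
    print(f"{n} foreign unicast frames, {b} bytes, destinations: {dict(dsts)}")
```

A handful of such frames can appear on a healthy bridge when it floods traffic for a destination it has not learned yet; a sustained stream to the same foreign MACs is what is worth reporting to the provider.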



