Eat your own dog food
Eat your own dog food. What a wise phrase. If you create or produce anything, you should be able to use it (or eat it) as part of your daily routine. That way you find out whether it is really good and how it works, if it works at all. This applies to all kinds of professions, but it is especially important in the software world.
We produce Pandora FMS, a monitoring software known for its flexibility and quickness. Today at the office, and for the second time, our mail server, which is hosted at Dreamhost, has been locked. Dreamhost is one of the biggest hosting providers on earth, well known for having genuine experts on its teams, not trainees or the like. They give you a full shell on shared hosting and think you can't break a thing… Are they crazy or what?
Talking to the Support Department, we were told that they had locked our IP for hammering the IMAP server (hammering is hitting a remote server with a lot of requests per second). If they don't protect their servers automatically, anyone can easily cause a DoS (Denial of Service).
Since we know a little about monitoring and have eaten our own dog food many times, it took us a little more than a minute to find the problem using Netflow and Pandora FMS.
With a PCAP filter applied to the real-time Netflow interface of Pandora FMS, we extracted the internal IPs that use the POP and IMAP ports, sorted the 30 IPs with the most traffic, and voilà:
In yellow we can see the IP that is hammering the Dreamhost server at a constant rate of 13kb/sec.
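The same ranking can be reproduced offline from exported flow records. The following is an added example, not Pandora FMS code or part of the original post: it keeps only flows from internal hosts to POP/IMAP ports, ranks the hosts by bytes, and goes one step further by flagging hosts whose traffic is steady across the whole window. The LAN range, addresses, record layout and thresholds are assumptions, and the flow records are constructed.

```python
import ipaddress
from collections import defaultdict
from statistics import mean, pstdev

MAIL_PORTS = {110, 143, 993, 995}                  # POP3, IMAP, IMAPS, POP3S
INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumed office LAN

# Constructed flow records: (minute, src_ip, dst_ip, dst_port, bytes)
FLOWS = (
    [(m, "192.168.1.23", "203.0.113.10", 993, 780_000) for m in range(10)]
    + [(0, "192.168.1.40", "203.0.113.10", 993, 2_500_000),
       (6, "192.168.1.40", "203.0.113.10", 143, 300_000),
       (3, "192.168.1.51", "203.0.113.10", 995, 90_000),
       (2, "192.168.1.23", "198.51.100.7", 443, 9_000_000),  # not a mail port
       (4, "203.0.113.99", "203.0.113.10", 993, 5_000_000)]  # not internal
)

def mail_talkers(flows, window_minutes, top_n=30):
    """Rank internal hosts by bytes sent to POP/IMAP ports and score how
    steady each host's traffic is across the observation window."""
    per_minute = defaultdict(lambda: [0] * window_minutes)
    for minute, src, _dst, dport, nbytes in flows:
        if dport in MAIL_PORTS and ipaddress.ip_address(src) in INTERNAL:
            per_minute[src][minute] += nbytes
    report = []
    for src, series in per_minute.items():
        total = sum(series)
        active = sum(1 for b in series if b) / window_minutes
        avg = mean(series)
        # Coefficient of variation: near 0 for a fixed-interval sync loop,
        # high for bursty interactive use. Thresholds are assumed values.
        cv = pstdev(series) / avg if avg else 0.0
        report.append({
            "ip": src,
            "bytes": total,
            "rate_Bps": total / (window_minutes * 60),
            "active_ratio": active,
            "steady": active >= 0.9 and cv < 0.25,
        })
    report.sort(key=lambda r: r["bytes"], reverse=True)
    return report[:top_n]

if __name__ == "__main__":
    for row in mail_talkers(FLOWS, window_minutes=10):
        flag = "STEADY (possible polling loop)" if row["steady"] else ""
        print(f'{row["ip"]:15} {row["bytes"]:>9} B {row["rate_Bps"]:>7.0f} B/s {flag}')
```

A host that is active in every interval with almost no variation is the pattern a mail provider's rate limiter will read as hammering, even when its absolute byte rate is modest.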
We'd like to tell this “subject”, who uses Mutt and OfflineIMAP, to update himself and move to a mail client younger than he is. ;)
To finish this post, we have to say that Netflow is a 100% open source feature of Pandora FMS.
Netflow is a network analysis protocol for gathering statistical information about internal network usage. It is based on routers sending data to a Netflow manager.
A PCAP expression is a logical expression used to filter network traffic. It is normally used in low-level traffic sniffers such as tcpdump or Wireshark.
This is an adaptation of the original post from Openfriki.