Hi,
Recently i purchased a NodeDeploy KVM VPS and was surprised by how much local traffic I get from other hosts on the network.
Majority of that traffic is broadcast traffic. It wouldn't be so weird to me that it comes from NodeDeploy's router and such but from other hosts, mainly Windowses.
It's usually NetBIOS (port 137) and Dropbox LAN Sync (port 17500). Also there's some excessive DHCP offering from those hosts.
As I'm using FreeBSD and configured PF to block everything except incoming traffic to httpd/sshd my logs are getting big and very hard to analyze for other, more important stuff.
As I'm beginner, I'm not sure if this is normal but before on other hosting provider I used (KVMShell), when I asked about this, they would just terminate the user who interfere with other hosts so I got the idea that this is indeed something that shouldn't be done.
I mean, I'm not using either DHCP nor Dropbox nor I need/want any traffic from other host on the network.
- Why hosting companies like this don't isolate all network hosts from each other with couple of simple firewall rules?
- What are security implications of this traffic?
- Should I loosen my firewall rules a bit to let this traffic in?
Thanks a ton!