From: "Allan Jude" <937863@primus.ca>
To: "'PsYxAkIaS (FreeBSD)'"
cc: freebsd-isp@freebsd.org
Date: Wed, 14 May 2003 11:46:03 -0400
Subject: RE: Network Statistics

Ipband

It's in the ports tree; it is meant to email you whenever any of your IPs goes over a set limit (300kb/sec).

You can change a bit of code to make it install firewall rules rather than email you.

-----Original Message-----
From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of PsYxAkIaS (FreeBSD)
Sent: Wednesday, May 14, 2003 7:46 AM
To: freebsd-isp@freebsd.org
Subject: Network Statistics

Hey all

I am currently using tcpstat to check if I am getting attacked, tcpdump to trace the IPs and what type of attack, and ipfw firewall to block them. Sometimes trafshow too, but on big attacks trafshow isn't helpful.

1. Do you have any other utils than tcpdump to suggest?
2. I was thinking to make a script to auto-block (via ipfw firewall) any IP that spends 300 kb/sec for more than 1 minute. Do you know any tools that may show me which of my IPs are getting more than 300 kb/sec?

I hope you got my point

Best Regards
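
The auto-block rule discussed in this thread (over 300 kb/sec for more than 1 minute, then an ipfw rule), sketched as an added example; it is not code from either poster and not ipband's own code. It assumes "kb" means kilobytes, a 10-second sampling interval, a hypothetical `(timestamp, ip, bytes)` input format, a hypothetical never-block list and rule number 1000; it only renders the ipfw commands for review and rejects malformed addresses before they reach a command line.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 300 * 1024  # bytes/s; assumes the thread's "300 kb/sec" means kilobytes
MIN_DURATION = 60       # seconds; act only when the rate is exceeded for MORE than this
INTERVAL = 10           # seconds per sample (assumed sampling period)
NEVER_BLOCK = [ipaddress.ip_network("192.0.2.0/28")]  # hypothetical: gateway, DNS, monitoring

def make_samples():
    """Constructed input: (epoch_seconds, ip, bytes_seen_in_interval) tuples."""
    hi, lo = 4_000_000, 100_000  # 400,000 B/s (over the limit) and 10,000 B/s (under)
    s = [(t, "203.0.113.5", hi) for t in range(0, 80, INTERVAL)]      # 80 s sustained
    s += [(t, "198.51.100.7", hi) for t in range(0, 50, INTERVAL)]    # 50 s burst ...
    s += [(t, "198.51.100.7", hi) for t in range(60, 110, INTERVAL)]  # ... resumes after a quiet interval
    s += [(t, "192.0.2.10", hi) for t in range(0, 80, INTERVAL)]      # sustained, but on the never-block list
    s += [(t, "198.51.100.9", lo) for t in range(0, 80, INTERVAL)]    # always under the limit
    return s

def sustained_offenders(samples):
    """Return IPs whose rate stayed above THRESHOLD for more than MIN_DURATION
    seconds of consecutive intervals; a missing or quiet interval resets the run."""
    series = defaultdict(lambda: defaultdict(int))
    for ts, ip, nbytes in samples:
        series[ip][ts] += nbytes
    offenders = []
    for ip, points in series.items():
        addr = ipaddress.ip_address(ip)  # ValueError on anything that is not an address
        if any(addr in net for net in NEVER_BLOCK):
            continue
        run, prev = 0, None
        for ts in sorted(points):
            over = points[ts] / INTERVAL > THRESHOLD
            contiguous = prev is not None and ts - prev == INTERVAL
            run = (run + INTERVAL if contiguous else INTERVAL) if over else 0
            prev = ts
            if run > MIN_DURATION:
                offenders.append(str(addr))
                break
    return sorted(offenders)

def ipfw_rules(offenders, rule_number=1000):
    """Render ipfw commands for review; nothing is executed here."""
    return [f"ipfw -q add {rule_number} deny ip from {ip} to any" for ip in offenders]

if __name__ == "__main__":
    for line in ipfw_rules(sustained_offenders(make_samples())):
        print(line)
```

Source addresses in flood traffic can be forged, so the never-block list and a review step before installing rules keep an automatic blocker from cutting off hosts you depend on.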