Date:      Wed, 5 Mar 2003 04:36:49 +0300 (MSK)
From:      "."@babolo.ru
To:        Josh Brooks <user@mail.econolodgetulsa.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: counting firewall traffic on a second machine
Message-ID:  <1046828210.004291.1187.nullmailer@cicuta.babolo.ru>
In-Reply-To: <20030304021141.C49939-100000@mail.econolodgetulsa.com>

> I used to have a firewall with ipfw count rules in place for every IP I
> had.  This worked fine, but it gave me a 2000+ ruleset that would cause
> cpu to skyrocket under even the lightest of DoS attacks.
> 
> So, I have plugged in another system on the DMZ and plan to count from
> there.
> 
> In the most basic sense, I am thinking of sniffing traffic on this second
> machine and counting via that mechanism.
> 
> Is this a common setup - counting traffic on a second machine that the
> traffic does not even flow through?  If so, are ipfw count rules used on
> the counting machine, or is there a better tool for counting per-IP
> traffic on a secondary system like this?
> 
> Any suggestions are appreciated.  I will be using MRTG to show the stats,
> but again, the actual gathering / counting method I will use I am not sure
> of ... was planning on using ipfw count rules, but thought I would ask.
> 
> And I am not sure of how to sniff traffic and pass it to ipfw to count ..
> so perhaps ipfw is not involved at all...
Use of specialised accounting tools is better.

I use ports/net/argus with some postprocessing,
but it is not the simplest way.


