Date:      Wed, 30 Apr 2003 12:17:25 -0700
From:      "Drew Tomlinson" <drew@mykitchentable.net>
To:        <darryl@osborne-ind.com>, <freebsd-questions@freebsd.org>
Subject:   Re: Firewall & Security Question
Message-ID:  <011b01c30f4d$223b0ea0$6e2a6ba5@tagalong>
References:  <000001c30f31$c6bc01d0$0701a8c0@darryl>

----- Original Message ----- 
From: "Darryl Hoar" <darryl@osborne-ind.com>
To: <freebsd-questions@freebsd.org>
Sent: Wednesday, April 30, 2003 9:01 AM
Subject: Firewall & Security Question


> Greetings,
> my firewall is running 4.4-stable.  I have ipfilter
> configured and running.  I have ipnat running.
> All the PCs on my line access our DSL line
> through the firewall.
>
> I have tripwire configured and running on my firewall.
>
> Due to some recent activity, I need to be able to
> monitor who is doing what on the internet.  I.e.,
> maybe a DOS attack being launched through our
> connection, etc.  More than likely, I have a user
> with Kazaa or some other service that is periodically
> pumping out quite a bit of data.
>
> What should I use to snoop this out?  Should I
> connect something between the firewall and the
> ADSL router to log what's happening?
>
> Any ideas greatly appreciated.  This periodic activity
> brought our DSL throughput down to the point I was
> receiving calls.

I've found ntop to be useful in diagnosing my network.  I see it as kind of
like a web interface to tcpdump captures.  Anyway, it's in the ports and was
easy to set up.

HTH,

Drew


