Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 14 May 2003 11:46:03 -0400
From:      "Allan Jude" <937863@primus.ca>
To:        "'PsYxAkIaS (FreeBSD)'" <freebsd@psyxakias.com>
Cc:        freebsd-isp@freebsd.org
Subject:   RE: Network Statistics
Message-ID:  <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4RatOouMvEOzXXL4aXw9/cKAAAAQAAAANJQ2dg0JSE6o+CBzvOtrqQEAAAAA@primus.ca>
In-Reply-To: <003001c31a0e$59b1ba70$162ea8c0@computer>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Ipband

It's in the ports tree, it is ment to email you whenever any of your ips
goes over a set limit (300kb/sec)
You can change a bit of code to make it install firewall rules rather
than email you


-----Original Message-----
From: owner-freebsd-isp@freebsd.org
[mailto:owner-freebsd-isp@freebsd.org] On Behalf Of PsYxAkIaS (FreeBSD)
Sent: Wednesday, May 14, 2003 7:46 AM
To: freebsd-isp@freebsd.org
Subject: Network Statistics


Hey all

I am currently using tcpstat to check if I am getting attacked, tcpdump
to trace the ips and what type of attack and ipfw firewall to block
them. Sometimes trafshow too but on big attacks trafshow isnt helpful.

1. Do you have any other utils than tcpdump to suggest ?

2. I was thinking to make a script to auto-block (via ipfw firewall) any
ip that spends 300 kb/sec for more than 1 minute. Do you know any tools
that may show me which of my ips are getting more than 300 kb/sec? I
hope you got my point


Best Regards
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4RatOouMvEOzXXL4aXw9/cKAAAAQAAAANJQ2dg0JSE6o+CBzvOtrqQEAAAAA>