Date: Wed, 30 Apr 2003 12:17:25 -0700
From: "Drew Tomlinson" <drew@mykitchentable.net>
To: <darryl@osborne-ind.com>, <freebsd-questions@freebsd.org>
Subject: Re: Firewall & Security Question
Message-ID: <011b01c30f4d$223b0ea0$6e2a6ba5@tagalong>
References: <000001c30f31$c6bc01d0$0701a8c0@darryl>

----- Original Message -----
From: "Darryl Hoar" <darryl@osborne-ind.com>
To: <freebsd-questions@freebsd.org>
Sent: Wednesday, April 30, 2003 9:01 AM
Subject: Firewall & Security Question

> Greetings,
> my firewall is running 4.4-stable. I have ipfilter
> configured and running. I have ipnat running.
> All the PCs on my line access our DSL line
> through the firewall.
>
> I have tripwire configured and running on my firewall.
>
> Due to some recent activity, I need to be able to
> monitor who is doing what on the internet. I.e.,
> maybe a DoS attack being launched through our
> connection, etc. More than likely, I have a user
> with Kazaa or some other service that is periodically
> pumping out quite a bit of data.
>
> What should I use to snoop this out? Should I
> connect something between the firewall and the
> ADSL router to log what's happening?
>
> Any ideas greatly appreciated. This periodic activity
> brought our DSL throughput down to the point I was
> receiving calls.

I've found ntop to be useful in diagnosing my network. I see it as kind of
like a web interface to tcpdump captures. Anyway, it's in the ports and was
easy to set up.

HTH,

Drew