From: "PsYxAkIaS (FreeBSD)"
Date: Wed, 14 May 2003 14:45:40 +0300
Subject: Network Statistics
Delivered-To: freebsd-isp@freebsd.org
Message-ID: <003001c31a0e$59b1ba70$162ea8c0@computer>

Hey all

I am currently using tcpstat to check if I am getting attacked, tcpdump to trace the IPs and what type of attack, and ipfw firewall to block them. Sometimes trafshow too, but on big attacks trafshow isn't helpful.

1. Do you have any other utils than tcpdump to suggest?

2. I was thinking to make a script to auto-block (via ipfw firewall) any IP that spends 300 kb/sec for more than 1 minute. Do you know any tools that may show me which of my IPs are getting more than 300 kb/sec? I hope you got my point.

Best Regards
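The threshold logic behind the auto-block idea in question 2, as an added example that is not part of the original post: it flags source addresses that stay above the rate for more than a minute without a break, skips allowlisted ranges, and renders ipfw deny rules as text instead of running them. The `(epoch_second, source_ip, byte_count)` sample format, the reading of "300 kb/sec" as 300 KiB per second, the starting rule number and all sample data are assumptions.

```python
import ipaddress
from collections import defaultdict

THRESHOLD = 300 * 1024  # assumption: "300 kb/sec" read as 300 KiB per second
MIN_SECONDS = 60        # "more than 1 minute" of sustained traffic


def sustained_talkers(samples, threshold=THRESHOLD, min_seconds=MIN_SECONDS,
                      allowlist=()):
    """Return source IPs whose per-second byte count stayed above `threshold`
    for more than `min_seconds` consecutive seconds. `samples` holds
    (epoch_second, source_ip, byte_count) tuples, a hypothetical format."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    per_ip = defaultdict(lambda: defaultdict(int))
    for second, ip, nbytes in samples:
        per_ip[ip][second] += nbytes  # merge several flows seen in one second
    flagged = []
    for ip, seconds in per_ip.items():
        if any(ipaddress.ip_address(ip) in net for net in allowed):
            continue  # never auto-block trusted ranges (own hosts, gateway)
        streak, prev = 0, None
        for second in sorted(seconds):
            if seconds[second] <= threshold:
                streak = 0  # a quiet second breaks the run
            elif prev is not None and second == prev + 1:
                streak += 1
            else:
                streak = 1  # first sample, or a gap with no traffic recorded
            prev = second
            if streak > min_seconds:
                flagged.append(ip)
                break
    return sorted(flagged)


def ipfw_rules(ips, first_rule=1000):
    """Render (not run) one deny rule per address; rule numbers are an assumption."""
    return [f"ipfw add {first_rule + i} deny ip from {ip} to any"
            for i, ip in enumerate(ips)]


def constructed_samples(base=1052912740):
    """Constructed traffic on documentation address ranges, one sample per second."""
    rows = [(base + s, "203.0.113.7", 400 * 1024) for s in range(90)]   # sustained
    rows += [(base + s, "198.51.100.9", 900 * 1024) for s in range(45)]  # short burst
    rows += [(base + s, "192.0.2.10", 500 * 1024) for s in range(90)]    # own host
    rows += [(base + s, "203.0.113.20", 10 * 1024 if s == 40 else 400 * 1024)
             for s in range(90)]                                          # dips once
    return rows
```

With the constructed data and `192.0.2.0/24` allowlisted, only 203.0.113.7 is flagged: the 45-second burst and the stream that dips at second 40 never reach a run longer than 60 seconds.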