Date: Wed, 14 May 2003 11:46:03 -0400 From: "Allan Jude" <937863@primus.ca> To: "'PsYxAkIaS (FreeBSD)'" <freebsd@psyxakias.com> Cc: freebsd-isp@freebsd.org Subject: RE: Network Statistics Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4RatOouMvEOzXXL4aXw9/cKAAAAQAAAANJQ2dg0JSE6o%2BCBzvOtrqQEAAAAA@primus.ca> In-Reply-To: <003001c31a0e$59b1ba70$162ea8c0@computer>
next in thread | previous in thread | raw e-mail | index | archive | help
Ipband It's in the ports tree, it is ment to email you whenever any of your ips goes over a set limit (300kb/sec) You can change a bit of code to make it install firewall rules rather than email you -----Original Message----- From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of PsYxAkIaS (FreeBSD) Sent: Wednesday, May 14, 2003 7:46 AM To: freebsd-isp@freebsd.org Subject: Network Statistics Hey all I am currently using tcpstat to check if I am getting attacked, tcpdump to trace the ips and what type of attack and ipfw firewall to block them. Sometimes trafshow too but on big attacks trafshow isnt helpful. 1. Do you have any other utils than tcpdump to suggest ? 2. I was thinking to make a script to auto-block (via ipfw firewall) any ip that spends 300 kb/sec for more than 1 minute. Do you know any tools that may show me which of my ips are getting more than 300 kb/sec? I hope you got my point Best Regards _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAA4RatOouMvEOzXXL4aXw9/cKAAAAQAAAANJQ2dg0JSE6o%2BCBzvOtrqQEAAAAA>