Firewall & Security Question

Darryl Hoar darryl at
Wed Apr 30 09:00:36 PDT 2003

my firewall is running 4.4-stable.  I have ipfilter
configured and running.  I have ipnat running. 
All the PC's on my line access our DSL line
through the firewall.

I have tripwire configured and running on my firewall.

Due to some recent activity, I need to be able to 
monitor who is doing what on the internet.  IE,
maybe a DOS attack being launched through our
connection, etc.  More than likely, I have a user
with Kazaa or some other service that is periodically
pumping out quite a bit of data.

What should I use to snoop this out?  Should I 
connect something between the firewall and the
ADSL router to log whats happening ?

Any ideas greatly appreciated.  This periodic activity
brought our DSL throughput down to the point I was
receiving calls.


More information about the freebsd-questions mailing list