Firewall & Security Question

Drew Tomlinson drew at
Wed Apr 30 12:17:27 PDT 2003

----- Original Message ----- 
From: "Darryl Hoar" <darryl at>
To: <freebsd-questions at>
Sent: Wednesday, April 30, 2003 9:01 AM
Subject: Firewall & Security Question

> Greetings,
> my firewall is running 4.4-stable.  I have ipfilter
> configured and running.  I have ipnat running.
> All the PC's on my line access our DSL line
> through the firewall.
> I have tripwire configured and running on my firewall.
> Due to some recent activity, I need to be able to
> monitor who is doing what on the internet.  IE,
> maybe a DOS attack being launched through our
> connection, etc.  More than likely, I have a user
> with Kazaa or some other service that is periodically
> pumping out quite a bit of data.
> What should I use to snoop this out?  Should I
> connect something between the firewall and the
> ADSL router to log whats happening ?
> Any ideas greatly appreciated.  This periodic activity
> brought our DSL throughput down to the point I was
> receiving calls.

I've found ntop to be useful in diagnosing my network.  I see it as kind of
like a web interface to tcpdump captures.  Anyway it's in the ports and was
easy to setup.



More information about the freebsd-questions mailing list