Firewall & Security Question
Drew Tomlinson
drew at mykitchentable.net
Wed Apr 30 12:17:27 PDT 2003
----- Original Message -----
From: "Darryl Hoar" <darryl at osborne-ind.com>
To: <freebsd-questions at freebsd.org>
Sent: Wednesday, April 30, 2003 9:01 AM
Subject: Firewall & Security Question
> Greetings,
> my firewall is running 4.4-stable. I have ipfilter
> configured and running. I have ipnat running.
> All the PC's on my line access our DSL line
> through the firewall.
>
> I have tripwire configured and running on my firewall.
>
> Due to some recent activity, I need to be able to
> monitor who is doing what on the internet. IE,
> maybe a DOS attack being launched through our
> connection, etc. More than likely, I have a user
> with Kazaa or some other service that is periodically
> pumping out quite a bit of data.
>
> What should I use to snoop this out? Should I
> connect something between the firewall and the
> ADSL router to log whats happening ?
>
> Any ideas greatly appreciated. This periodic activity
> brought our DSL throughput down to the point I was
> receiving calls.
I've found ntop to be useful in diagnosing my network. I see it as kind of
like a web interface to tcpdump captures. Anyway it's in the ports and was
easy to setup.
HTH,
Drew
More information about the freebsd-questions
mailing list