RE: Network Statistics

• Previous message: Allan Jude: "RE: Network Statistics"
• Maybe in reply to: PsYxAkIaS (FreeBSD): "Network Statistics"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <bv@wjv.com>
Date: Wed, 14 May 2003 14:36:48 -0400

Sorry, it's not in the ports tree, it's here:
http://ipband.sourceforge.net/

-----Original Message-----
From: Bill Vermillion [mailto:bv@wjv.com]
Sent: Wednesday, May 14, 2003 12:32 PM
To: Allan Jude
Subject: Re: Network Statistics

On Wed, May 14, 2003 at 11:46 , Allan Jude showing utter disregard
for spell-checkers gave us this:

> Ipband

> It's in the ports tree, it is ment to email you whenever any of your
ips
> goes over a set limit (300kb/sec)
> You can change a bit of code to make it install firewall rules rather
> than email you

I can't see Ipband in the ports tree. What hierarchy is it under?

Bill
>
> -----Original Message-----
> From: owner-freebsd-isp@freebsd.org
> [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of PsYxAkIaS
(FreeBSD)
> Sent: Wednesday, May 14, 2003 7:46 AM
> To: freebsd-isp@freebsd.org
> Subject: Network Statistics
>
>
> Hey all
>
> I am currently using tcpstat to check if I am getting attacked,
tcpdump
> to trace the ips and what type of attack and ipfw firewall to block
> them. Sometimes trafshow too but on big attacks trafshow isnt helpful.
>
> 1. Do you have any other utils than tcpdump to suggest ?
>
> 2. I was thinking to make a script to auto-block (via ipfw firewall)
any
> ip that spends 300 kb/sec for more than 1 minute. Do you know any
tools
> that may show me which of my ips are getting more than 300 kb/sec? I
> hope you got my point
>
>
> Best Regards
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"
>
> _______________________________________________
> freebsd-isp@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

-- 
Bill Vermillion - bv @ wjv . com
_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: Allan Jude: "RE: Network Statistics"
• Maybe in reply to: PsYxAkIaS (FreeBSD): "Network Statistics"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: IPS, alternative solutions ... they're populated with attack patterns (hopefully in advance of those ... so then why IPS? ... > information on screens and printers, including JPEG image files. ... > - Embedded in Word sent as a MIME encoded mail ... (Focus-IDS) RE: need your help about IPS and IDS,thanks ... We run a SOC with IPSes. ... cause a DoS at high bandwidth), you can mitigate the attack without taking ... traditional firewall and IDS vendors try to protect their market shares. ... The main difference in my opinion is that IPS are inline and can therefore ... (Focus-IDS) Re: IPS, alternative solutions ... >>I think we can all agree that IPS is no replacement for Patch ... including JPEG image files. ... What we have are the following network attack vectors which come to mind ... Embedded in Word sent as a MIME encoded mail ... (Focus-IDS) Re: IPS, alternative solutions ... I do not question that an inline IPS can ... the attack happened. ... If you look at IDS in a limited scope of signatures and post faco ... (Focus-IDS) Re: Vulnerability Scan 200.127.113.193, 69.93.128.17 ... I use a rule based set for certain IPs that prompt me by e-mail when I ... anomalies and create rule sets based on attack patterns by hand. ... > Two attackers initiated a mass vulnerability scan. ... > The URIs requested are all over the place as far as target environment. ... (Incidents)