Hi,
As Tom mentioned, one of the least resource-consuming ways to identify sources
and volumes of the traffic seen on, or in and out of, your network is to set up
pflow aka netflow sensors and collectors.
Based on the data you collect you can then analyse and make decisions
that hopefully reflect the actual traffic patterns you are dealing with.
Several sources of useful information are available; Tom already mentioned
The Book of PF and the article about tracking down a source of disruption
based on netflow data.
It is possible that you could find something useful in the slides for the
latest "Network Management with the OpenBSD Packet Filter Toolset" tutorial,
to be found at https://nxdomain.no/~peter/pf_fullday.pdf (possibly to be
updated for the upcoming Dublin event).
I would of course be delighted if you do buy The Book of PF, and the
article Tom referred to can also be found *without G's trackers* at
https://nxdomain.no/~peter/yes_you_too_can_be_an_evil_network_verlord.html
(the liberated versions of other blogposts can be found, pre-prettification
at https://nxdomain.no/~peter/blogposts/)
- Peter
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
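An added example, not part of Peter's message or of any of the linked material: a small parser for NetFlow version 5 datagrams (the classic export format a pflow(4) sensor can send to a collector) that sums bytes per source address, i.e. the "sources and volumes" view the message recommends building from collected flow data. The datagram, addresses and counters below are constructed for illustration.

```python
import struct
from collections import defaultdict
from ipaddress import IPv4Address

# NetFlow v5 layout: a 24-byte header followed by fixed 48-byte flow records.
HEADER_FMT = "!HHIIIIBBH"
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 24
RECORD_LEN = struct.calcsize(RECORD_FMT)   # 48

def parse_netflow_v5(datagram: bytes) -> list[dict]:
    """Decode one exported datagram into a list of flow records."""
    version, count = struct.unpack_from("!HH", datagram, 0)
    if version != 5:
        raise ValueError(f"not a NetFlow v5 datagram (version {version})")
    if len(datagram) < HEADER_LEN + count * RECORD_LEN:
        raise ValueError("datagram shorter than its record count claims")
    records = []
    for i in range(count):
        f = struct.unpack_from(RECORD_FMT, datagram, HEADER_LEN + i * RECORD_LEN)
        records.append({
            "src": str(IPv4Address(f[0])), "dst": str(IPv4Address(f[1])),
            "packets": f[5], "bytes": f[6],
            "sport": f[9], "dport": f[10], "proto": f[13],
        })
    return records

def bytes_per_source(records: list[dict]) -> list[tuple[str, int]]:
    """Total bytes per source address, largest first: who is sending how much."""
    totals: dict[str, int] = defaultdict(int)
    for r in records:
        totals[r["src"]] += r["bytes"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

def _record(src, dst, pkts, octets, sport, dport, proto):
    # Pack one v5 record; nexthop, AS numbers and pads are zero/fixed here.
    return struct.pack(RECORD_FMT, IPv4Address(src).packed, IPv4Address(dst).packed,
                       b"\0" * 4, 1, 2, pkts, octets, 1000, 2000, sport, dport,
                       0, 0x18, proto, 0, 0, 0, 24, 24, 0)

# Constructed sample datagram (not real traffic): three flows from two hosts.
SAMPLE = struct.pack(HEADER_FMT, 5, 3, 123456, 1700000000, 0, 42, 0, 0, 0) + \
    _record("192.0.2.10", "198.51.100.5", 40, 52000, 51515, 443, 6) + \
    _record("192.0.2.20", "198.51.100.5", 5, 600, 40000, 53, 17) + \
    _record("192.0.2.10", "198.51.100.9", 12, 9000, 51520, 80, 6)

if __name__ == "__main__":
    for src, total in bytes_per_source(parse_netflow_v5(SAMPLE)):
        print(f"{src:16} {total:>8} bytes")
```

A real collector would read such datagrams from a UDP socket and keep the aggregates over time; the parsing and per-source accounting are the same.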