Tuesday, September 17, 2024

Re: Pf congestion troubleshooting

Hi,
thank you very much for your help, it was a NAS sending 4000pps of "arp who-has" to all of its clients.
Marc

> On 13 Sep 2024, at 12:16, Peter N. M. Hansteen <peter@bsdly.net> wrote:
>
> Hi,
>
> As Tom mentioned, one of the least resource consuming ways to identify sources
> and volumes of the traffic seen on or in and out of your network is to set up
> for pflow aka netflow sensors and collectors.
>
> Based on the data you collect you can then analyse and make decisions
> that hopefully reflect the actual traffic patterns you are dealing with.
>
> Several sources of useful information are available, Tom already mentioned
> The Book of PF and the article about tracking down a source of disruption
> based on netflow data.
>
> It is possible that you could find something useful in the slides for the
> latest "Network Management with the OpenBSD Packet Filter Toolset" tutorial,
> to be found at https://nxdomain.no/~peter/pf_fullday.pdf (possibly to be
> updated for the upcoming Dublin event).
>
> I would of course be delighted if you do buy The Book of PF, and the
> article Tom referred to can also be found *without G's trackers* at
> https://nxdomain.no/~peter/yes_you_too_can_be_an_evil_network_verlord.html
> (the liberated versions of other blogposts can be found, pre-prettification
> at https://nxdomain.no/~peter/blogposts/)
>
> - Peter
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
