> I used to have a firewall with ipfw count rules in place for every IP I
> had.  This worked fine, but it gave me a 2000+ ruleset that would cause
> cpu to skyrocket under even the lightest of DoS attacks.
> 
> So, I have plugged in another system on the DMZ and plan to count from
> there.
> 
> In the most basic sense, I am thinking of sniffing traffic on this second
> machine and counting via that mechanism.
> 
> Is this a common setup - counting traffic on a second machine that the
> traffic does not even flow through?  If so, are ipfw count rules used on
> the counting machine, or is there a better tool for counting per-IP
> traffic on a secondary system like this?
> 
> Any suggestions are appreciated.  I will be using MRTG to show the stats,
> but again, the actual gathering / counting method I will use I am not sure
> of ... was planning on using ipfw count rules, but thought I would ask.
> 
> And I am not sure of how to sniff traffic and pass it to ipfw to count ..
> so perhaps ipfw is not involved at all...
Use of specialised accounting tools is better.

I use ports/net/argus with some postprocessing,
but it is not the simplest way.
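
A sketch of the kind of postprocessing the reply mentions, added here as an example; it is not part of the original message and not argus's own code. It assumes flow records have already been exported to a `src,dst,bytes` CSV (a constructed format with constructed sample data) and that 192.0.2.0/24 is the DMZ prefix. It keeps per-IP totals in a hash table and prints the four lines MRTG reads from an external script.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow records (assumed CSV export: src,dst,bytes).
SAMPLE_FLOWS = """\
src,dst,bytes
198.51.100.7,192.0.2.10,1500
192.0.2.10,198.51.100.7,40000
203.0.113.5,192.0.2.11,600
192.0.2.11,203.0.113.5,900
198.51.100.7,192.0.2.10,500
192.0.2.10,192.0.2.11,100
not-an-ip,192.0.2.10,100
"""

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed DMZ prefix


def count_per_ip(flow_csv, local_net=LOCAL_NET):
    """Return {local_ip: [bytes_in, bytes_out]} summed over all flow records."""
    totals = defaultdict(lambda: [0, 0])
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            nbytes = int(row["bytes"])
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the run
        # One dictionary update per record, however many IPs are tracked.
        if dst in local_net:
            totals[str(dst)][0] += nbytes
        if src in local_net:
            totals[str(src)][1] += nbytes
    return dict(totals)


def mrtg_lines(totals, ip, uptime="unknown"):
    """Format one IP's totals as MRTG's four lines: in, out, uptime, name."""
    bytes_in, bytes_out = totals.get(ip, (0, 0))
    return f"{bytes_in}\n{bytes_out}\n{uptime}\n{ip}\n"


if __name__ == "__main__":
    print(mrtg_lines(count_per_ip(SAMPLE_FLOWS), "192.0.2.10"), end="")
```
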


