On Thu, Jun 03, 2004 at 02:23:29PM -0600, james edwards wrote: > I would disagree. Most DDoS are high pps attacks with very small packets. > Looking at mb/sec will not show many attacks, they are only seen by looking > at flows/sec or packets/sec. > > For this, MRTG/SNMP is the wrong tool. Routers fail under high packets/sec > attacks where the total bandwith is below interface limits. Routers foward > packets not megs.
And why would MRTG be the wrong tool to monitor packets per second? Sure, when the router fails to respond at all, MRTG is not signalling the problem. For that, there are other tools. However, before the router is failing, I expect MRTG to be able to monitor the increasing amount of packets per second. Alex -- I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers. If you reply to me off-list, you'd better tell me you're doing so. If you don't, and if I reply to the list, that's your problem, not mine. -- Unsubscribe mailto:[EMAIL PROTECTED] Archive http://www.ee.ethz.ch/~slist/mrtg FAQ http://faq.mrtg.org Homepage http://www.mrtg.org WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
