Would it be practicable for ntop to detect devices that qualify as "scanning
vast numbers of destinations" to be tagged and throttled? What I am
picturing is being able to set a connection count thresh hold for localnet
devices. Ntop should then be able to say: If a localnet device exceeds
thresh hold the device will no longer track connection information, rather
the device will be visibly flagged and a short snapshot of past
connections would be displayed. I imagine some type of timer would need
to be set (an hour?) that allows ntop to open the flood gates for that
host again.
My apologies if I am way of base.
--
"Given enough time, all legal battles in the tech industry will invoke the
DMCA. This generally means that all constructive arguments have ended."
-NialScorva
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop
