On Fri, 20 Feb 2004 09:48:06 -0800 (PST), [EMAIL PROTECTED] wrote in message <[EMAIL PROTECTED]>:
> Would it be practicable for ntop to detect devices that qualify as > "scanning vast numbers of destinations" to be tagged and throttled? ..and gagged? > What I am picturing is being able to set a connection count thresh > hold for localnet devices. Ntop should then be able to say: If a > localnet device exceeds thresh hold the device will no longer track > connection information, rather the device will be visibly flagged and > a short snapshot of past connections would be displayed. ..this is useful to tell your flown away offender why you gag him. > I imagine some type of timer would need to be set (an hour?) that > allows ntop to open the flood gates for that host again. ..buys him time to fix his box or face another gag. ;-) -- ..med vennlig hilsen = with Kind Regards from Arnt... ;-) ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listgateway.unipi.it/mailman/listinfo/ntop
