While looking into pmacct to monitor our Internet edge, we are also
testing if we can detect malicious activity, primarily DDoS traffic.
With the current aggregators we can gather most of the required data but
the one thing really missing is IP fragmentation.
I noticed there is already extensive defragmentation code so it might
not be that hard to add. I'm happy to give it a try but I wanted to make
sure that I'm not overlooking something and support is already there.
pmacct-discussion mailing list