Hello Nathan, On Wed, Feb 3, 2010 at 20:35, Nathan Eisenberg <[email protected]> wrote: > It would be incredibly handy to build a report that summarizes the number of > states open, groups by IP. That way, one could easily identify a DOS origin. > > For example, I just had an attacker attempt to open 40,000 simultaneously > HTTP sessions on one of my servers. I'd love to be able to see something > like this: > > Proto Source SRC Ports DST Ports > TCP 10.0.x.x 40,000 1 > TCP 74.1.x.x 16 1 > TCP 63.5.x.x 10 1 > TCP 152.4.x.x 4 1
Patches to "pftop" are very welcome, I suppose. Regards, Aarno -- Aarno Aukia Atrila GmbH Switzerland
