sorry, the correct name is bandwidthd 2010/6/9 Fabio T. Leitao <[email protected]>
> I also know (and use in a customer firewall) bandwithd... it plots a decent > web report of traffic per network, per IP, several protocols... > > 2010/6/8 Bill <[email protected]> > > I think mrtg is a little better. It graphs it out for ya so you can see >> where the peaks are. It is a fantastic tool to see in a quick glance >> what is going on with traffic and loads. If your working in say a data >> center where you need to monitor several routers you can graph each and >> every port. It was a great tool for DOS attacks we could see real quick >> where the trouble was. >> >> On 6/8/2010 11:32 AM, Jorge Armando Medina wrote: >> > Bill wrote: >> > >> >> I also use snmp and mrtg. I like seeing how much traffic is coming >> >> through during the night. >> >> >> >> >> > vnstat is good for that, here a example: >> > >> > # vnstat -i eth1 -d >> > >> > eth1 / daily >> > >> > day rx | tx | total >> > >> ------------------------+-------------+---------------------------------------- >> > 10.05. 1.55 GB | 614.03 MB | 2.15 GB %%%%%%::: >> > 11.05. 1.95 GB | 830.82 MB | 2.76 GB %%%%%%%%:::: >> > 12.05. 1.79 GB | 897.25 MB | 2.66 GB %%%%%%%%:::: >> > 13.05. 1.75 GB | 885.00 MB | 2.61 GB %%%%%%%:::: >> > 14.05. 2.31 GB | 845.42 MB | 3.14 GB %%%%%%%%%%:::: >> > 15.05. 504.79 MB | 372.75 MB | 877.54 MB %%: >> > 16.05. 43.93 MB | 92.58 MB | 136.51 MB >> > 17.05. 1.35 GB | 746.94 MB | 2.08 GB %%%%%%::: >> > 18.05. 1.91 GB | 1.14 GB | 3.05 GB %%%%%%%%::::: >> > 19.05. 1.38 GB | 943.80 MB | 2.30 GB %%%%%%:::: >> > 20.05. 1.29 GB | 852.66 MB | 2.12 GB %%%%%:::: >> > 21.05. 1.40 GB | 729.03 MB | 2.11 GB %%%%%%::: >> > 22.05. 394.85 MB | 280.23 MB | 675.08 MB %%: >> > 23.05. 78.72 MB | 184.89 MB | 263.61 MB : >> > 24.05. 1.42 GB | 838.88 MB | 2.24 GB %%%%%%:::: >> > 25.05. 1.50 GB | 871.23 MB | 2.35 GB %%%%%%:::: >> > 26.05. 1.61 GB | 893.04 MB | 2.48 GB %%%%%%%:::: >> > 27.05. 1.67 GB | 993.82 MB | 2.65 GB %%%%%%%%:::: >> > 28.05. 1.57 GB | 1.71 GB | 3.29 GB %%%%%%%:::::::: >> > 29.05. 718.45 MB | 360.40 MB | 1.05 GB %%%: >> > 30.05. 44.14 MB | 81.51 MB | 125.65 MB >> > 31.05. 1.04 GB | 775.54 MB | 1.80 GB %%%%%::: >> > 01.06. 1.15 GB | 642.65 MB | 1.78 GB %%%%%::: >> > 02.06. 1.56 GB | 1.12 GB | 2.68 GB %%%%%%%::::: >> > 03.06. 3.85 GB | 1.62 GB | 5.47 GB >> > %%%%%%%%%%%%%%%%%%::::::: >> > 04.06. 2.32 GB | 1.49 GB | 3.81 GB %%%%%%%%%%::::::: >> > 05.06. 876.30 MB | 449.40 MB | 1.29 GB %%%:: >> > 06.06. 117.62 MB | 158.43 MB | 276.05 MB : >> > 07.06. 1.99 GB | 1.38 GB | 3.37 GB %%%%%%%%%:::::: >> > 08.06. 981.30 MB | 712.62 MB | 1.65 GB %%%%::: >> > >> ------------------------+-------------+---------------------------------------- >> > estimated 1.70 GB | 1.23 GB | 2.93 GB >> > >> > Best regards. >> > >> >> On 6/8/2010 8:52 AM, Eric Peters wrote: >> >> >> >> >> >>> I agree, proactively monitoring your network, makes for good practice, >> >>> and also peace of mind. Security through obscurity, and passive >> >>> reactionary monitoring is just asking for your network to be abused. >> >>> Here are just some tools that I use on a daily basis which >> >>> would easily detect p2p traffic and other abuses. >> >>> >> >>> Ntop = /ntop/ is a network traffic probe that shows the network >> >>> usage, similar to what the popular top Unix command does, but >> prettier! >> >>> Snort = /Snort/ is a free and open source network intrusion >> >>> prevention system (NIPS) and network intrusion detection system (NIDS) >> >>> Snorby = Great front end for Snort, I'm currently working on a >> howto >> >>> for this under Ubuntu 10.4 >> >>> ET Rules = Emerging Threats is an open source community project with >> >>> the fastest moving and most diverse Snort Signature set and firewall >> >>> rules available >> >>> Wireshark = /Wireshark/ is a network protocol analyzer >> >>> nmap = Security Scanner For Network Exploration& computer >> scanning >> >>> >> >>> I'm curious as to what everyone else is using? Did I leave anything >> out? >> >>> What's your thoughts on this subject? >> >>> >> >>> >> >>> Cheers, >> >>> Eric >> >>> >> >>> >> >>> On Sat, Jun 5, 2010 at 5:53 PM, Michael Sanders<[email protected] >> >>> <mailto:[email protected]>> wrote: >> >>> >> >>> I second Paul that is the way to go, once one finds out they have >> >>> eyes on them, it "can" fix it's self. We had a problem with an >> >>> individual serving up files and the big bad record industry sent >> a >> >>> letter. That gave us the right to cut the user off. Once turned >> back >> >>> on behavior changed. You will get some flack on the front end >> but >> >>> over time a majority of the community will get in line. >> >>> >> >>> Danny Michael Sanders >> >>> IT Support Analyst >> >>> >> >>> ----- "Paul Graydon"<[email protected] >> >>> <mailto:[email protected]>> wrote: >> >>> > That will help, but realistically you're going to have to >> block >> >>> every "high port" to stop P2P through that method. >> >>> > >> >>> > The only way to effectively block P2P is to do packet >> sniffing >> >>> and analysis.. and that's just one big hassle. >> >>> > >> >>> > My belief is this is usually the wrong way to tackle the >> problem, >> >>> looking for a technical solution to a human resource problem. >> >>> > User education (and LARTing if necessary) is the key. Using >> >>> software like Cacti to monitor and graph per-port traffic stats, >> >>> identify the largest bandwidth users and then focus on them and >> find >> >>> out just why they're using up so much bandwidth. >> >>> > It's remarkable just how soon the problem all goes away after >> you >> >>> find just one or two individuals who are abusing the network >> >>> infrastructure and explain to them what the disciplinary >> procedures >> >>> are (or enact if it's appropriate and you have concrete >> evidence.) >> >>> The message soon spreads! >> >>> > >> >>> > Paul >> >>> > >> >>> > On 06/04/2010 05:03 AM, Greyson Farias wrote: >> >>> >> >>> Hello, >> >>> > >> >>> > You can use these iptables rules, because I don't like, >> don't >> >>> use and I don't wanna learn ufw. hehehehehe >> >>> > >> >>> > # Block P2P connections >> >>> > iptables -A FORWARD -p tcp --dport 1214:1215 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 1214:1215 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 1981 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 1981 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 2037 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 2037 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 3501 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 3501 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 3531 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 3531 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 3587 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 3587 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 3955 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 3955 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 4242 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 4242 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 4661:4672 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 4661:4672 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 4688 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 4688 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 5121 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 5121 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 5662 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 5662 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 6085:6086 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 6085:6086 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 6346:6347 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 6346:6347 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 6699 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 6699 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 6881:6889 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 6881:6889 -j DROP >> >>> > iptables -A FORWARD -p tcp --dport 8473 -j DROP >> >>> > iptables -A FORWARD -p udp --dport 8473 -j DROP >> >>> > >> >>> > >> >>> > >> >>> > >> >>> > 2010/6/4 Kaushal Shriyan<[email protected] >> >>> <mailto:[email protected]>> >> >>> > >> >>> >> >>> Hi, >> >>> > >> >>> > is there a howto for blocking p2p traffic on ubuntu >> 10.04 >> >>> server ? >> >>> > >> >>> > Thanks, >> >>> > >> >>> > Kaushal >> >>> > >> >>> > -- >> >>> > ubuntu-server mailing list >> >>> > [email protected] >> >>> <mailto:[email protected]> >> >>> > >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >> >>> > More info: https://wiki.ubuntu.com/ServerTeam >> >>> > >> >>> >> >>> >> >>> > >> >>> >> >>> > -- >> >>> > Greyson Farias >> >>> > Técnico em Informática - CREA/AC 9329TD >> >>> > Ubuntu user >> >>> > Eu prefiro receber documentos em ODF. >> >>> > http://ubuntu.com/download/getubuntu >> >>> > Blog Ubuntu Acre: http://ubuntu-ac.org >> >>> > >> >>> >> >>> >> >>> > >> >>> > >> >>> >> >>> -- >> >>> ubuntu-server mailing list >> >>> [email protected]<mailto: >> [email protected]> >> >>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >> >>> More info: https://wiki.ubuntu.com/ServerTeam >> >>> >> >>> >> >>> >> >>> >> >> >> >> >> > >> > >> >> -- >> ubuntu-server mailing list >> [email protected] >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-server >> More info: https://wiki.ubuntu.com/ServerTeam >> > > > > -- > Fábio Leitão > ..-. .- -... .. --- .-.. . .. - .- --- ...-.- > > -- Fábio Leitão ..-. .- -... .. --- .-.. . .. - .- --- ...-.-
-- ubuntu-server mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
