Hi people,
Our network was down the last 12 hours due to an ICMP DoS attack..something
we would like to see coming next time..instead of looking for broken
routers, blaming our upstream provider and having the telco company
checking the physical connection to the upstream provider ;)
Anyway, I think ntop could do the job..and I was just wondering if people
have experience with using it to monitor real-time up/down stream totals to
main routers and to individual hosts behind the routers, UDP/TCP
traffic as well as ICMP traffic. (and by using it in combination with scripts,
automatic paging or SMS warnings)...not the web interface.
And on alerting when total traffic is reaching a limit to the main router,
is it possible to generate somehow a more detailed report of who is taking
up the resources?
Are there any example configs/rules which people are willing to share?
I hope so..would get me in the right direction.
Thx
Frank
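
An added example, not part of the original post and not ntop configuration: the threshold check and "who is taking up the resources" report asked about above, run over per-host, per-protocol byte counters. The sample records, their tuple layout, the link limit and the ICMP share cut-off are all constructed assumptions; a real deployment would feed in counters from whatever collector is in use.

```python
from collections import defaultdict

# Constructed sample: (interval_start_s, host, protocol, bytes). This layout is
# an assumption for the example, not an ntop export format.
SAMPLES = [
    (0, "10.0.0.5", "tcp", 4_000_000),
    (0, "10.0.0.7", "udp", 1_000_000),
    (0, "10.0.0.9", "icmp", 20_000),
    (60, "10.0.0.5", "tcp", 4_500_000),
    (60, "10.0.0.7", "udp", 900_000),
    (60, "10.0.0.9", "icmp", 90_000_000),
]
INTERVAL_S = 60
LIMIT_BPS = 8_000_000    # assumed alert limit for the main router link
ICMP_SHARE_WARN = 0.20   # assumed: ICMP above 20% of all bytes is abnormal

def check_intervals(samples, interval_s=INTERVAL_S, limit_bps=LIMIT_BPS, top_n=3):
    """Return one alert dict per interval whose total rate reaches the limit."""
    per_interval = defaultdict(lambda: defaultdict(int))
    for start, host, proto, nbytes in samples:
        per_interval[start][(host, proto)] += nbytes
    alerts = []
    for start in sorted(per_interval):
        flows = per_interval[start]
        total = sum(flows.values())
        bps = total * 8 / interval_s
        if bps < limit_bps:
            continue  # link is below the limit, nothing to report
        icmp = sum(n for (_, proto), n in flows.items() if proto == "icmp")
        top = sorted(flows.items(), key=lambda kv: kv[1], reverse=True)[:top_n]
        alerts.append({
            "interval": start,
            "bps": bps,
            "icmp_share": icmp / total,
            "icmp_suspect": icmp / total >= ICMP_SHARE_WARN,
            "top_talkers": [(h, p, n) for (h, p), n in top],
        })
    return alerts

def format_alert(a):
    """Short text suitable for handing to a pager or SMS gateway script."""
    flag = " (ICMP flood?)" if a["icmp_suspect"] else ""
    lines = [f"ALERT t={a['interval']}s rate={a['bps'] / 1e6:.1f} Mbit/s "
             f"icmp={a['icmp_share']:.0%}{flag}"]
    lines += [f"  {h} {p} {n} bytes" for h, p, n in a["top_talkers"]]
    return "\n".join(lines)

if __name__ == "__main__":
    for alert in check_intervals(SAMPLES):
        print(format_alert(alert))
```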