"Markus Loeffler" <[EMAIL PROTECTED]> writes:
>how can i count Traffic that is coming in to or going out from my
>external (unsecured) Interface to and from the Internet ?
>I'm still using SQUIDV2 Proxy but that wont count directly
>routed Traffic.
Some of our customers use NFRs to do accounting as well
as intrusion detection. Since our traffic analysis engine
is programmable, it's pretty easy to modify the service
tracking packages (web, smtp, ftp, etc) to not only
record the source/destination/user/url/whatever, but to
record a "cost value" for that category of service. Then
you can export the log records and apply a billing model
against the cost value. Or you can just take the default
logging options and export those and apply all the costing
externally.
The vast majority of the filter packages that come with
an NFR are aimed at doing intrusion detection, but there
are a number of logging/tracking packages that just
record usage and statistics - including STMP usage
(it counts recipients, etc) and web usage (including
web server detection). Since the NFR is a sniffer, rather
than a firewall or router, it'll monitor all the traffic
going in and out of your firewall, not just the stuff
that's routed to your proxy.
You can charge your users $500/packet if they're doing
ping sweeps and $.00001/packet if they're doing DNS. :)
Or charge per URL. :) Whatever. Customizing filters takes
some knowledge of networking and programming skill, but
the basics of what you want are already there.
mjr.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
