You can get more info on little brother at http://www.littlebrother.com. Basically it sets up on a standard PC or Wintel Server. It is windows based and has a nice discovery feature that displays all hosts as they broadcast. This works with any firewall since it really is it's own stand alone product. Like I said, it plugs into the network on the same subnet as the firewall (or proxy, gateway, whatever), and runs in promiscuous mode. That's all, pretty simple. -Jesus -----Original Message----- From: Yvette Seifert Hirth, CCP, CDP [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 20, 2000 7:54 AM To: Jesus Gonzalez Subject: Re: Q2: How to Deal with Bandwidth Abuse Sorry to bother you, one *quick* question: This "Little Brother" product - does it work on dedicated hardware:software f/w setups? To avoid sniffers, I misspell stuff, so please don't be offended by the following: we use a ceesco picks. We've been hacked three times, hence our paranoia. Anway, can Little Brother be used in such an environment? outside the picks we have a two sicks two won rout-er, and inside the picks (on the inside n/w, not on the dmz) we have a two fahve won four rout-er. sadly, no proxy soivers nor other unix/linux boxes. we do run a syslog daemon on a W9x box which gets syslog from the picks, but other than that, it's all dedicated h/w+s/w setups. I've long searched for a content filtering:who's_on_first type product. It sounds great, and if we have to hang a unix/linux box off of the internal n/w we will. If so, can it be anywhere on the internal n/w? Should it be between the picks and the two fahve won four rout-er? Please advise, and Thank You for your time! ttfn y ----------------------------------------------------------------------- Miss Yvette Seifert Hirth, CCP, CDP Voice: (847) 263 6800 The DBT Group, Inc. Fax: (847) 263 6801 176 Ambrogio Drive Email: [EMAIL PROTECTED] Gurnee, IL 60031 WWW: http://www.dbtgroup.com NOTE: Please remove all occurrences of "nospam." from my address before sending me email! "... there were people who believed with absolute faith and absolute dogmatism in something. And they were so serious in this matter that they insisted that the rest of the world agree with them. And then they would do things that were directly inconsistent with their own beliefs in order to maintain that what they said was true." --Richard P. Feynman ----- Original Message ----- From: Jesus Gonzalez <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, September 19, 2000 6:20 PM Subject: RE: Q2: How to Deal with Bandwidth Abuse > First off, I'd like to know how it is that you have managed to keep 2200 > users happy through a single T1 :) > > Paul made a good point earlier that these issues really are policy issues. > However, acknowledging that you are dealing with college students, rules and > policies aren't their top priority. > I've used a product called 'Little Brother' that does a great job at telling > you who is using what services and how much bandwidth they're using up. it > lists them by top talkers, etc. One of the nicer features is that you can > block access to certain sites, you can block downloading of files (and > specific files, such as .mp3), access to FTP sites, etc. This sits in > promiscuous mode next to the firewall so it offloads this overhead from the > firewall. Since it works in promiscuous mode, it doesn't really introduce > latency, but it may enforce the rule 'after the fact' (the web page may > begin to load before it aborts). > > -Jesus > > -----Original Message----- > From: Stewart Dean [mailto:[EMAIL PROTECTED]] > Sent: Monday, September 18, 2000 4:00 AM > To: [EMAIL PROTECTED] > Subject: Q2: How to Deal with Bandwidth Abuse > > > I have responsibilities at a small (approx 2200 user) liberal arts college. > We > have been slowly getting the expenditure to do appropriate upgrades to the > network and IT infrastructure, usually the crisis du jour that finally > makes it > clear to the administration that, yes, they really do have to loosen the > purse > string. > We have been dodging various bullets related to a) having one T1 line and > b) > the students have Napster/Gnutella/Scour. Things have come to a head, and > we are looking better handle what we presume to be student bandwidth abuse. > The students will have their own T1 line, and the faculty and staff another. > > Still, we need to get a handle on locating bandwidth abuse offenders and > counseling them. > I'd like hear your experience with this problem. We have a pretty much > all > Cisco environment: a 5500 as a backbone, fiber to 2924s. All connections > are > out of a single switched port, or will be soon after we phase out the last > of our > old IBM hubs. > If there's a better place to ask this question, please suggest. > > How do you track bandwidth abusers at the firewall? Can you identify > locations heavily used by abusers? What tactics have you come up with to > deal > with Gnutella and Scour? > > to shift access control from router access control lists to a true firewall > in order > to get the benefits of logging, stateful connection handling and the > like.--- > // "I build my cars to go, not to stop", Ettore Bugatti > // Stewart Dean Kingston, NY > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
