In-Reply-To: <[EMAIL PROTECTED]>
There are many chances for your bandwidth hogging,
May be some virus kind of activity,
Constant downloads of MP3, etc.,
A Simple and best solution is, install snort in a linux box
and connect the same to the network. It will identify the
person (machine) which is hogging the bandwidth.You can
also block or reset packets comming from unwanted sites.
Else you can put a bandwidth managing rule on the router.
It is IP based BW Mngt.
Hope you would have got some idea, for further details do
write to me.
regards,
Raj
>Received: (qmail 15840 invoked from network); 23 May 2002
00:11:34 -0000
>Received: from outgoing3.securityfocus.com (HELO
outgoing.securityfocus.com) (66.38.151.27)
> by mail.securityfocus.com with SMTP; 23 May 2002
00:11:34 -0000
>Received: from lists.securityfocus.com
(lists.securityfocus.com [66.38.151.19])
> by outgoing.securityfocus.com (Postfix) with QMQP
> id 9476EA319D; Wed, 22 May 2002 17:44:28 -0600 (MDT)
>Mailing-List: contact security-basics-
[EMAIL PROTECTED]; run by ezmlm
>Precedence: bulk
>List-Id: <security-basics.list-id.securityfocus.com>
>List-Post: <mailto:[EMAIL PROTECTED]>
>List-Help: <mailto:[EMAIL PROTECTED]>
>List-Unsubscribe: <mailto:security-basics-
[EMAIL PROTECTED]>
>List-Subscribe: <mailto:security-basics-
[EMAIL PROTECTED]>
>Delivered-To: mailing list security-
[EMAIL PROTECTED]
>Delivered-To: moderator for security-
[EMAIL PROTECTED]
>Received: (qmail 27448 invoked from network); 22 May 2002
13:07:13 -0000
>Message-ID:
<[EMAIL PROTECTED]
plus.com>
>From: Jesse Morgan <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'" <security-
[EMAIL PROTECTED]>
>Subject: FW: badnwidth monitor
>Date: Wed, 22 May 2002 09:10:19 -0400
>X-Mailer: Internet Mail Service (5.5.2650.21)
>
>
> Hi, this is my first post to this list, so go easy on me.
>
> I've just started working as an IT intern at an
architecture firm with
>around 80 people. We supposedly have a fractional T1
connection of some
>type, but frankly, my DSL connection at home is more
responsive. I know for
>a fact that most people here don't use the connection
(about 10 ppl total
>actually do).
> I want to find out where the bandwidth is going. I
figure I could set up a
>proxy, but that would take alot of effort getting the Idea
through the
>Admin(*grumble*)...(there's currently NO security here,
but I'm trying to
>change that.)
> I know that we have a Cisco router of some sort, but I
haven't really
>gotten a feel for the equipment yet. is there a passive
way for me to
>figure out who's hogging the bandwidth? For all I know,
someone could have
>found a securiy hole and they're hosting an warez site off
of us :/
>***Anything*** is possible here.
>
>
> thanks,
> - Jesse the Intern
>
>
