Well, snort will indeed dump more than enough information (maybe too much),
but understanding that information is not trivial. Plus, snort will show
you the incoming traffic to the computer it's installed on; unless that
computer is the gateway you won't get the needed data. If you install
it on the gateway, it WILL consume a lot of resources (disk I/O mainly).
I would suggest checking whether your line is really congested; it might
be remote and/or busy sites.
On 23 May 2002 [EMAIL PROTECTED] wrote:
> There are many chances for your bandwidth hogging,
> Maybe some virus kind of activity,
> Constant downloads of MP3, etc.,
>
> A Simple and best solution is, install snort in a Linux box
> and connect the same to the network. It will identify the
> person (machine) which is hogging the bandwidth. You can
> also block or reset packets coming from unwanted sites.
>
> Else you can put a bandwidth managing rule on the router.
> It is IP based BW Mngt.
>
> Hope you would have got some idea, for further details do
> write to me.
>
> regards,
> Raj
>
> >From: Jesse Morgan <[EMAIL PROTECTED]>
> >Subject: FW: badnwidth monitor
> >Date: Wed, 22 May 2002 09:10:19 -0400
> >
> >
> > Hi, this is my first post to this list, so go easy on me.
> >
> > I've just started working as an IT intern at an architecture firm with
> > around 80 people. We supposedly have a fractional T1 connection of some
> > type, but frankly, my DSL connection at home is more responsive. I know for
> > a fact that most people here don't use the connection (about 10 ppl total
> > actually do).
> > I want to find out where the bandwidth is going. I figure I could set up a
> > proxy, but that would take a lot of effort getting the idea through the
> > Admin(*grumble*)...(there's currently NO security here, but I'm trying to
> > change that.)
> > I know that we have a Cisco router of some sort, but I haven't really
> > gotten a feel for the equipment yet. Is there a passive way for me to
> > figure out who's hogging the bandwidth? For all I know, someone could have
> > found a security hole and they're hosting a warez site off of us :/
> > ***Anything*** is possible here.
> >
> >
> > thanks,
> > - Jesse the Intern