On 19/02/2004, at 9:43 AM, Shay Telfer wrote:
Is it possible the BigPond traffic logs are updated sometime during
the evening, leading to the big jump?
It was an hourly usage chart I was looking at.
The weirdest part was the sporadic nature of the usage from hour to
hour, up and down, no real pattern.
It's also possible there are some folks doing nasty denial-of-service
stuff.
One possibility is installing HenWen and Snort or running a packet
sniffer to see what's coming down the line. Of course it's possible
it's blocked at their router, but you still get charged for it.
So, would a monitoring tool still show anything if this traffic is
being blocked at their modem/router?
I looked at tcpdump/ipaudit and it's either too humid or they seem too
tough to implement, given the fact he is gonna switch ISP regardless.
For the money he has paid 'them', I see his treatment/service as
despicable.
Aside from this he has had multiple issues with this ISP, their
attitude and service level throughout has been well below par.
If 'they' were dentists I think ppl would be less forgiving.
So far opinions have lead me to believe it's not 'them' causing this
but some other possibly malicious entity, if so does anyone think that
this kind of attack could occur despite who the ISP is?
In other words do any ISPs attempt to stop or filter this kind of thing
or are we on our own?
Have fun,
Shay
Thanks Shay, I am.
Cheers
Paul
