November 28th, 2001 06:35 PM
Network flood detection/protection
I need a program that runs on our router(a linux box) that can watch all our four segments and send out an alert(eg. an email or something like that) if someone starts to flood the network with e.g. ping-flood,winnukes,syn-flood and so on.
We have to use it on a party network, my company has specialized in delivering network for computerpartis.
And we found that flooding attacks has come very populare so we need som protection.
November 28th, 2001 06:38 PM
HAVE YOU CONSIDERED IPCHAINS YOU FOOL
November 28th, 2001 06:42 PM
hmm, not sure what kind of commercial tools are out there for your linux box, but... you might try Snort, it is an open souce Intrusion Detection system, that has rules you can set to only scan for floods of various types, if you want...
There are lots of different add on packages that people have created, for notification, storing alerts/packets in databases, etc, etc... snort can be pretty resource hungry, but if you are only looking for floods, then the number of rules it works with is very low, so resources might not be an issue for you..
November 28th, 2001 06:50 PM
hehbris>Im talking nice to you, then i except you to do the same
IchNiSan> i will check out snort
But i dont need a filter, i need a program that can "sniff" the network. If i use ip-chains i cant prevent network flooding. I can prevent the net-flood from crossing the routers but thats dont what i need.