Snort mailing list archives

Re: Bandwidth Information


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 29 May 2002 11:21:42 -0700 (PDT)

On Wed, 29 May 2002, Cooper Arthur B Contr WCOM wrote:

      Does anyone know of an "add-on" or PERL script that can do some
"ciphering" for me and tell me what percentage of my bandwidth is generating
alerts with SNORT?  I have a snort server set-up on a SPANNED 100
MBS/Full-Duplex port that feeds the internal LAN of a large US Military
installation.  I absolutely LOVE SNORT, but now that I see all of the crazy
stuff being thrown at us via the Net, I was wondering if there was a way to
show what percentage of our bandwidth is literally being wasted by the
amount of cmd.exe, code red, SQL Worm 1433 stuff etc. etc. that is coming in
here and "banging" my firewalls.  THANKS!!

Well, the first thing that comes to mind is to use MRTG on your router and
firewall.  Using that, measure the amount of incoming traffic from the router.
Then measure the amount of traffic that "leaves" your firewall--If it goes
thru your firewall, it should be legitimate traffic, right?  Subtract number
one from number two, and you should have a rough idea of how much 'wasted'
bandwidth you have.

But of course, I haven't had my coffee yet--So I could be entirely
crackheaded.  :)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
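
The comparison suggested in the reply above, worked through on MRTG's own log files. This is an added example, not part of the original post. The sample logs are constructed, and it assumes the router log covers the Internet-facing interface (In = arriving traffic) while the firewall log covers its inside interface (Out = traffic passed to the LAN), both polled at the same 5-minute marks.

```python
# Constructed sample data in MRTG's .log layout (not from the original post).
# Line 1: "<time> <in_counter> <out_counter>"; every later line:
# "<time> <avg_in> <avg_out> <max_in> <max_out>", rates in bytes/second.
ROUTER_LOG = """\
1022696400 918273645 123456789
1022696400 500000 90000 650000 120000
1022696100 400000 80000 520000 100000
1022695800 300000 70000 410000 95000
"""
FIREWALL_LOG = """\
1022696400 718273645 223456789
1022696400 60000 450000 80000 600000
1022696100 55000 300000 70000 380000
1022695500 50000 200000 65000 260000
"""

def parse_mrtg_log(text):
    """Return {timestamp: (avg_in, avg_out)} from the rate lines of a log."""
    samples = {}
    for line in text.splitlines()[1:]:      # skip the raw-counter header line
        fields = line.split()
        if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
            continue                        # ignore blank or damaged lines
        ts, avg_in, avg_out = (int(f) for f in fields[:3])
        samples[ts] = (avg_in, avg_out)
    return samples

def dropped_share(router_text, firewall_text):
    """Percent of router-inbound bytes that never left the firewall.

    Uses only timestamps present in both logs, so a missed poll on one
    device does not skew the totals. Returns (percent, samples_used).
    """
    router = parse_mrtg_log(router_text)
    firewall = parse_mrtg_log(firewall_text)
    common = sorted(router.keys() & firewall.keys())
    arrived = sum(router[ts][0] for ts in common)    # assumed: In on router's Internet side
    passed = sum(firewall[ts][1] for ts in common)   # assumed: Out on firewall's inside port
    if arrived == 0:
        return 0.0, len(common)
    return round(100.0 * (arrived - passed) / arrived, 1), len(common)

if __name__ == "__main__":
    pct, n = dropped_share(ROUTER_LOG, FIREWALL_LOG)
    print(f"{pct}% of inbound traffic did not pass the firewall ({n} samples)")
```

The result is only as rough as the reply says: traffic addressed to the router or firewall itself, and anything the firewall answers on its own, lands in the "dropped" share too.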

