[afnog] Help on Access list Evaluation
Patrick Okui
pokui at psg.com
Mon Jul 17 10:55:34 EAT 2006
On Monday 17 July 2006 10:34, Mangaliso Jere wrote:
> Guys
>
> I am experiencing an up surge of traffic on my network. At
> the moment am reviewing my access-lists. If the are any other
> rules I can add.
IMHO that's the wrong way to solve the problem. You could just
deny any any and that would take your traffic down to zero, but
that wouldn't help your clients AFAIK.
Step 0.
Find out what "type" of traffic you are seeing by running a
sniffer like tcpdump/ntop or ethereal.
Step 1.
Step 0 should tell you if you are seeing legitimate traffic in
which case you need more bandwidth.
Step 2.
For the illegitimate traffic you then filter out ports or
misbehaving hosts accordingly (and probably offer to clean up
their computers for a fee etc)
i.e work from step zero downwards... not step2 upwards like you
are currently doing.
--
patrick
More information about the afnog
mailing list