Re: (PM) Defeating pingage and bots

Jim Hribnak (hribnak@nucleus.com)
Thu, 1 Jan 1998 02:02:15 -0700 (MST)

On Wed, 31 Dec 1997, Chris J. Magnuson wrote:

I imagine this would be a FAQ but really I don't get the itch scratched
from reading the archives. Maybe I'm approaching this in the wrong manner.

Anyone written a script that connects to the PM3's, looks at the amount of
data transferred per unit time and decides whether or not a user is doing
anything meaningful, then disconnects them if appropriate? Looking for a
way to detect ping bots, without having to sniff all the time, as a first
line of defense.

Thanks,
Chris
===

What we do is set 5 hours per call. Once a day when we rotate Radius logs
I run a program that calculates each user's calls, minutes, in and out
bytes. I then create a web page and have another script that goes through
this logfile looking for users exceeding x number of hours (I could do it
on transfers as well) and if a user uses 12 hours and only transmitted
50k (both in and out combined) you know damn well there is something funny
there. (Make sure you have some sort of written policy that you don't
allow IDLE, or unattended use.) This way you can send off a warning email,
and next offence is a termination...

Jim
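
The daily pass described in the reply above, as an added example (not code from the post or from Livingston). It assumes the rotated RADIUS accounting file uses the usual "detail" layout, with Acct-Session-Time, Acct-Input-Octets and Acct-Output-Octets on Stop records; the helper names, the reading of "50k" as 50 KiB, and the sample records are constructed for illustration.

```python
import re
from collections import defaultdict

MIN_HOURS = 12         # daily connect time that triggers a look (from the post)
MAX_BYTES = 50 * 1024  # "50k" in + out combined, read as 50 KiB (assumption)
ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?([^"\n]*?)"?\s*$')

def _rec(user, status, secs=0, inb=0, outb=0):
    """Build one constructed record in the RADIUS accounting detail layout."""
    return (f'Wed Dec 31 05:00:00 1997\n\tUser-Name = "{user}"\n'
            f'\tAcct-Status-Type = {status}\n\tAcct-Session-Time = {secs}\n'
            f'\tAcct-Input-Octets = {inb}\n\tAcct-Output-Octets = {outb}\n')

# Constructed sample data, not real logs; records are blank-line separated.
SAMPLE = "\n".join([
    _rec("alice", "Start"),
    _rec("alice", "Stop", 18000, 9000, 6000),
    _rec("alice", "Stop", 18000, 7000, 5000),
    _rec("alice", "Stop", 18000, 4000, 3000),    # 15 h, 34000 bytes: idle-looking
    _rec("bob", "Stop", 18000, 2_000_000, 30_000_000),
    _rec("bob", "Stop", 18000, 1_000_000, 8_000_000),
    _rec("bob", "Stop", 10800, 500_000, 500_000),  # 13 h, but real traffic
    _rec("carol", "Stop", 7200, 2000, 1000),     # little traffic, but only 2 h
])

def summarize(text):
    """Per-user calls, connect seconds and combined in/out bytes for one log."""
    totals = defaultdict(lambda: {"calls": 0, "seconds": 0, "bytes": 0})
    for block in re.split(r'\n\s*\n', text.strip()):
        rec = dict(m.groups() for m in map(ATTR.match, block.splitlines()) if m)
        if rec.get("Acct-Status-Type") != "Stop":  # only Stop records carry totals
            continue
        t = totals[rec.get("User-Name", "?")]
        t["calls"] += 1
        t["seconds"] += int(rec.get("Acct-Session-Time", 0))
        t["bytes"] += (int(rec.get("Acct-Input-Octets", 0))
                       + int(rec.get("Acct-Output-Octets", 0)))
    return dict(totals)

def suspects(totals, min_hours=MIN_HOURS, max_bytes=MAX_BYTES):
    """Users online at least min_hours who moved at most max_bytes in total."""
    return sorted(u for u, t in totals.items()
                  if t["seconds"] >= min_hours * 3600 and t["bytes"] <= max_bytes)

if __name__ == "__main__":
    totals = summarize(SAMPLE)
    for user in suspects(totals):
        t = totals[user]
        print(f"{user}: {t['calls']} calls, {t['seconds'] / 3600:.1f} h, {t['bytes']} bytes")
```

The output is a review list for the warning email step, not a basis for automatic disconnection: long sessions with little traffic can also come from a stalled modem link or a NAS that never sent a Stop record.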
