[mrtg] Re: Network Bandwidth
Alex van den Bogaerdt
alex at ergens.op.het.net
Fri Jun 4 10:57:05 MEST 2004
On Thu, Jun 03, 2004 at 02:23:29PM -0600, james edwards wrote:
> I would disagree. Most DDoS are high pps attacks with very small packets.
> Looking at mb/sec will not show many attacks, they are only seen by looking
> at flows/sec or packets/sec.
>
> For this, MRTG/SNMP is the wrong tool. Routers fail under high packets/sec
> attacks where the total bandwith is below interface limits. Routers foward
> packets not megs.
And why would MRTG be the wrong tool to monitor packets per second?
Sure, when the router fails to respond at all, MRTG is not signalling
the problem. For that, there are other tools. However, before the
router is failing, I expect MRTG to be able to monitor the increasing
amount of packets per second.
Alex
--
I ask you to respect any "Reply-To" and "Mail-Follow-Up" headers. If
you reply to me off-list, you'd better tell me you're doing so. If
you don't, and if I reply to the list, that's your problem, not mine.
--
Unsubscribe mailto:mrtg-request at list.ee.ethz.ch?subject=unsubscribe
Archive http://www.ee.ethz.ch/~slist/mrtg
FAQ http://faq.mrtg.org Homepage http://www.mrtg.org
WebAdmin http://www.ee.ethz.ch/~slist/lsg2.cgi
More information about the mrtg
mailing list