[ale] Bandwidth Monitoring to IP

Ned Williams nwilliams at interland.net
Tue Aug 14 11:08:45 EDT 2001


Ben Alexander wrote:

> I have MRTG set up on a box in our internal/protected zone behind our
> firewall, which gathers the total traffic from our Cisco router.  Will I
> have any problems using this same box and MRTG to gather info from IPs
> both in the DMZ and the ones between the router and firewall?  We have a
> collection of Intel switches and an older Cabletron switch, fyi.
>
> Thanks,
> Ben
>
> -----Original Message-----
> From: root at newyork.pmg.net [mailto:root at newyork.pmg.net] On Behalf Of
> Ned Williams
> Sent: Tuesday, August 14, 2001 10:49 AM
> To: Ben Alexander; ale at ale.org
> Subject: Re: [ale] Bandwidth Monitoring to IP
>
> Ben Alexander wrote:
>
> > I've got a Linux box running on a hub connected between our router and
> > firewall.  A switch with unprotected machines is also connected to
> > this hub.
> >
> > I've set up the latest NTOP for bandwidth monitoring, and it does
> > great, except that it reports all the IPs aliased to the firewall
> > under one listing.  This makes it hard to distinguish between certain
> > traffic for our virtual hosts, and what not.  Is there a way to get
> > NTOP to avoid looking at the MAC address that is the same for all the
> > IPs (b/c of firewall) or maybe another utility to try?  I've taken a
> > peek at netwatch and IP Bandwidth Watchdog but they don't exactly hit
> > the spot.
> >
> > Thanks,
> > Ben
> >
> > --
> > To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in
> > message body.
>
> MRTG, as long as each IP is tied to a logical or physical interface, it
> will have an SNMP interface set of values under either the UCD or SNMP
> MIB II standards.
>
> Ned

No,
Just make sure you use different community strings for your DMZ equipment
than you do for your prod environment. Also make sure you use ACLs for all
SNMP traffic in and out of your DMZ, and of course verify allowable
SNMP/UDP paths for the given poll source (your MRTG box) to the allowable
polled devices (the specific switches and servers in your DMZ). Also, if
you're still paranoid, look at using the functions of MRTG to allow data
from sources other than its own internal Perl-based SNMP modules, and then
utilize UCD-SNMP 4.2.1's agent to do SNMP V3 polls; most hackers haven't
figured out much to do to attack V3 connections since it is virtually
impossible to spoof it. Another thing to consider is adding a dedicated
interface on your MRTG box (in the same subnets as its other IPs) to do
just polling of the DMZ devices (to guard against sniffing by internal
sources).


Just a few thoughts,

Ned

