North American Network Operators Group


Re: Redirecting mail (Re: Throttling mail)

  • From: Valdis.Kletnieks
  • Date: Thu Mar 25 17:49:49 2004

On Thu, 25 Mar 2004 14:43:33 CST, Adi Linden said:

> Where is something like this documented and explained?

If your customer-facing routers/switches are able to generate flow statistics,
it's a Small Matter Of Programming to have something catch said data and do the
analysis.  You might need some semi-studly backend systems, but the basic idea
isn't any more complicated than a 'cut | sort | uniq -c | sort -nr | head'
pipeline.

As a data point,  some 200 of our boxes got nailed by Witty, and the flow data
for udp/4000 for 3/19 and 3/20 was 18GB.  Of course, since essentially each
packet ended up being a separate flow, this was a very worst case scenario (one
box alone did 3M flows in 1 hour, but it was on a 100Mbit port).  Expect much
lower numbers of flows from even the most ambitious cablemodem or DSL based
spambot. ;)
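
The pipeline named in the message above, applied to flow records, as an added example that is not part of the original post. The CSV layout, the function names and the sample records are assumptions constructed for illustration; `fanout` goes one step further than the message and counts distinct destinations per source rather than raw flows.

```shell
#!/bin/sh
# Constructed sample flow export (not real data). Assumed CSV layout:
#   src_ip,dst_ip,proto,dst_port,packets,bytes
sample_flows() {
cat <<'EOF'
192.0.2.10,198.51.100.1,6,25,12,4100
192.0.2.10,198.51.100.2,6,25,11,3900
192.0.2.10,198.51.100.3,6,25,14,4500
192.0.2.10,198.51.100.4,6,25,10,3800
192.0.2.10,198.51.100.1,6,25,12,4000
192.0.2.20,203.0.113.5,6,25,40,52000
192.0.2.20,203.0.113.80,6,80,9,1200
192.0.2.30,203.0.113.5,6,25,22,9000
192.0.2.30,203.0.113.5,6,25,18,7000
192.0.2.40,198.51.100.77,17,4000,1,1100
192.0.2.40,198.51.100.78,17,4000,1,1100
192.0.2.40,198.51.100.79,17,4000,1,1100
EOF
}

# keep_port PROTO PORT: pass through only flows to that protocol/port.
keep_port() {
    awk -F, -v p="$1" -v d="$2" '$3 == p && $4 == d'
}

# top_talkers PROTO PORT [N]: flows per source, busiest first.
# Reads flow CSV on stdin, prints "count src_ip" lines.
top_talkers() {
    keep_port "$1" "$2" |
        cut -d, -f1 | sort | uniq -c | sort -nr | head -n "${3:-10}" |
        awk '{print $1, $2}'    # strip the padding uniq -c adds
}

# fanout PROTO PORT: distinct destinations per source, widest first.
# A host talking SMTP to many different servers stands out here even
# when a customer relaying through one smarthost has more flows.
fanout() {
    keep_port "$1" "$2" |
        cut -d, -f1,2 | sort -u | cut -d, -f1 | uniq -c | sort -nr |
        awk '{print $1, $2}'
}

echo "flows per source to tcp/25:";  sample_flows | top_talkers 6 25 5
echo "distinct SMTP destinations:";  sample_flows | fanout 6 25
```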
