On October 21, 2003 02:11 pm, SBlaze wrote:
> > I agree the response is indeed sad, but I believe that's typical for
> > that sort of forum. Watching the traffic coming in to your router and
> > charting it
> >
> > is NOT any sort of violation of any *rational* AUP. Going farther than
> > that might well be. The average user of cable internet access has little
> > idea of what goes on beyond the screen. I've noted that DSL reports has
> > a few decent <SNIPPAGE>
> >
>
> This is the section that I am wondering about in Charter's AUP.
>
> 7. NO "HACKING"
>
> Customer will not use, nor allow others to use, the Service to access the
> accounts of others or to attempt to penetrate security measures of the
> Service or other computer systems ("hacking") or to cause a disruption of
> the Service to other on-line users. Customer will not use, nor allow others
> to use, tools designed for compromising network security, such as
> password-guessing programs, cracking tools, packet sniffers or network
> probing tools.
>
> Wouldn't ntop be considered a "probing" tool?

Welll ... it does incorporate a packet sniffer. At that level, I can see how you feel that you might be violating the AUP by firing it up pointed at your outside connection.

However, despite not being a lawyer, I can point out that the intent of the section is defined clearly: No Hacking. Soooo .... no coding on that there system now, no debugging allowed, no analysis of bleeding edge source code AT ALL darnit!!! (sorry, old bone of mine)

The intent here is fairly legally clear. Don't go looking for a way to violate the integrity of the network or the security of any systems attached to the network. Analyze your bandwidth, but don't retain info that could detail a method of accessing any other system on the network. I know that it seems a fine line, but I believe that if you are doing this in the spirit of analyzing the network traffic to see if YOUR system is a problem, you are unlikely to have major issues.

The individual supposedly from your ISP that replied (in that other forum) is clearly far from a network security analyst. I doubt they understand the functionality of a tool like ntop. I know from past experience in my own co (cough) that we do indeed lock down IPs that are operating in promiscuous mode, and also IPs that are clearly and documentably infected with DDoS tools. However, we do NOT automatically terminate the account based on this behaviour. Frequently the issue is that the system has been compromised remotely, and the sub is actually as much a victim as a culprit. Unfortunately this is a two-edged sword, in which some (cough) people get away with murder.

> And getting back to my original reason and question for this post. How
> statistically can you see just how much iptables/netfilter is using of
> system resources?

Got me on that ... I know that with only minimal processing on the firewall and three winders boxen downstream hammering the net connection, my linux box is using 0.7% system consistently (AMD Athlon 1500, 756MB RAM, kernel 2.4.22, iptables 1.2.7a, pom from January). With my desktop up and running (KDE 3.1.2) with xmms and konqueror and other such things running, and my other half playing Sims Online and me pulling XFree86 current CVS right now, I'm seeing umm 2.6% system load (most likely the sound drivers) -- plus something seems to be searching my website........hmm -- not google. (yes ... that's a bad habit... but my desktop is the net connection for the household... I'm working on that)

On a dual pp with 48MB RAM in a colo handling ~~1Gb/day data, the system hasn't broken 0.8% in over two months. (2.4.19, iptables 1.2.7a, no pom, no extras, boots and runs from CD, logs remotely)

*shrug* ... last time someone decided to DDoS my network neighbour in the colo, I saw some serious load *grin* .. the system usage actually hit 5%, but I suspect that was the logger more than anything else ... since I was dropping and logging packets like crazy at the time.

I'm still inclined to say that if you are concerned about the difference between TCP pings to game servers and the so-called ping time in game, the issue lies with the game server. I doubt from what you've posted so far that the local outside network or iptables is causing your problems.

> Thanks Everyone
> SBlaze
>
> =====
> In the absence of order there will be chaos.

-- 
Alistair Tonner
nerdnet.ca
Senior Systems Analyst - RSS

Any sufficiently advanced technology will have the appearance of magic.
Let's get magical!
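The question quoted in the message above asks how to tell how much of the system's resources iptables/netfilter is consuming, and the reply answers with the "system" percentages a tool like top reports. The script below is an added example, not part of the original post or thread. It shows where those percentages come from, the cumulative jiffy counters on the aggregate "cpu" line of /proc/stat, and how to split out the softirq share, which is the bucket the kernel's network receive path (and so netfilter's input-side hooks) is charged to. It assumes the Linux /proc/stat layout (user nice system idle iowait irq softirq steal ...); the 2.4 kernels in the post report only the first four fields, which the parser tolerates. The two samples embedded in the script are constructed, not measured.

```python
"""Kernel CPU share from /proc/stat, to gauge what netfilter/iptables costs.

Added example, not from the original mailing-list post. It assumes the Linux
/proc/stat aggregate "cpu" line: user nice system idle iowait irq softirq
steal [guest guest_nice]. Kernel 2.4 reports only the first four fields;
the parser tolerates that by defaulting the remaining counters to 0.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CpuSample:
    """Cumulative jiffies per state since boot, as reported by the kernel."""
    user: int
    nice: int
    system: int
    idle: int
    iowait: int = 0
    irq: int = 0
    softirq: int = 0
    steal: int = 0

    @property
    def total(self) -> int:
        return (self.user + self.nice + self.system + self.idle
                + self.iowait + self.irq + self.softirq + self.steal)

    @property
    def kernel(self) -> int:
        # Netfilter hooks run in kernel context: in the NET_RX softirq on the
        # receive path and as "system" time for locally generated traffic,
        # so this sum is what top(1) folds into its "system" figure.
        return self.system + self.irq + self.softirq


def parse_proc_stat(text: str) -> CpuSample:
    """Return the aggregate 'cpu' line of a /proc/stat dump as a CpuSample."""
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == "cpu":           # "cpu0", "cpu1" are per-core
            values = [int(v) for v in fields[1:9]]  # ignore guest columns
            if len(values) < 4:
                raise ValueError("malformed cpu line: %r" % line)
            return CpuSample(*values)
    raise ValueError("no aggregate cpu line in /proc/stat data")


def _share(before: CpuSample, after: CpuSample, delta: int) -> float:
    elapsed = after.total - before.total
    if elapsed <= 0:
        raise ValueError("second sample must be later than the first")
    return 100.0 * delta / elapsed


def kernel_share(before: CpuSample, after: CpuSample) -> float:
    """Percent of CPU time spent in system+irq+softirq between two samples."""
    return _share(before, after, after.kernel - before.kernel)


def softirq_share(before: CpuSample, after: CpuSample) -> float:
    """Percent of CPU time in softirq alone, the network RX path's bucket."""
    return _share(before, after, after.softirq - before.softirq)


def read_live_sample() -> Optional[CpuSample]:
    """Read /proc/stat on a Linux host; None where it is unavailable."""
    try:
        with open("/proc/stat") as fh:
            return parse_proc_stat(fh.read())
    except (OSError, ValueError):
        return None


# Constructed samples (not measured): one CPU, USER_HZ=100, ten seconds apart,
# so the totals differ by exactly 1000 jiffies.
SAMPLE_BEFORE = """cpu  3000 20 500 96000 100 30 50 0
cpu0 3000 20 500 96000 100 30 50 0
intr 12345
ctxt 67890
"""
SAMPLE_AFTER = """cpu  3200 20 530 96700 100 40 110 0
cpu0 3200 20 530 96700 100 40 110 0
intr 13345
ctxt 68890
"""

if __name__ == "__main__":
    import time
    first = read_live_sample()
    if first is None:                       # not on Linux: use constructed data
        b, a = parse_proc_stat(SAMPLE_BEFORE), parse_proc_stat(SAMPLE_AFTER)
    else:
        time.sleep(5)
        b, a = first, read_live_sample()
    print("kernel (system+irq+softirq): %.1f%%" % kernel_share(b, a))
    print("softirq alone:               %.1f%%" % softirq_share(b, a))
```

On the constructed samples the kernel share comes out at 10.0% and the softirq share at 6.0%. Two caveats when reading live numbers: the percentages are averaged over the sampling interval, so a burst like the DDoS flood in the message only shows up if the samples bracket it; and the kernel time includes everything the kernel does, not just netfilter. To see which rules are actually doing the work, `iptables -L -v -n -x` prints exact per-rule packet and byte counters, and a rule with a LOG target that is hit at flood rates will usually dominate the cost, which matches the observation in the message that the logger, not the filtering, produced the 5% spike.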