That information i can share, but i can't say you where and when. In this time i don't have VPN for personal use, i have set it for company i worked for. Administrators use that connection for secure connection to manage data center.
Snort will allow you to automatically profile traffic. Netflows is fine but you need to get that data from somewhere. I assume this is just a dedicated server or vps so you are unlikely to get that data.
@ttsaon said:
ValdikSS can you provide details about netflow. did you use it ban p2p on vpn server?
No, netflow is designed to get you source_ip-source_port_destination_ip_destination_port data, which you can log and analyze later. To block p2p traffic, you need nDPI http://www.ntop.org/products/ndpi/
Comments
L7 is the way to go.
Whats L7? I tried googling it but couldn't find anything related to monitoring
Hi,
You can try to use ntop or BandwidthD.
Snort or Surricata
I think he means Layer 7 - http://en.wikipedia.org/wiki/OSI_model
@ZEROF with ntop or BandwidthD. how to find bad user?
ttsaon just see who is using to much of your server resource. BandwidthD will show you where traffic goes:
@ZEROF did you setup vpn on your server?.
That information i can share, but i can't say you where and when. In this time i don't have VPN for personal use, i have set it for company i worked for. Administrators use that connection for secure connection to manage data center.
@ZEROF the pic you show only total traffic daily . so I can not find "bad user" with vpn any idea?
Just under the logo you can choose which time frame you want to see.
The best way is to use NetFlow.
@ValdikSS can you provide details about netflow. did you use it ban p2p on vpn server?
Snort will allow you to automatically profile traffic. Netflows is fine but you need to get that data from somewhere. I assume this is just a dedicated server or vps so you are unlikely to get that data.
No, netflow is designed to get you source_ip-source_port_destination_ip_destination_port data, which you can log and analyze later. To block p2p traffic, you need nDPI http://www.ntop.org/products/ndpi/
You buy VPS from each locations and You sell VPN service to other people?
Most VPS providers ONLY allow VPN for personal use. Why don't you get dedicated server?