A new project I have due. I could use assistance.
Hello. Nice site.
I need to build a "box" of some sort that can monitor packets for individual IP addresses. This would send alerts if there was an exorbitant amount of traffic on an "odd port" (worms, Trojans, malware - to be customized) and let us know which IP it's coming from.
This is for a large (and growing) WiFi ISP.
We just need to know when these scumwares are using bandwidth so we can alert the client and/or turn them off.
The throughput is 45MB a second at the NOC. (So a 10/100 NIC is sufficient.)
I was thinking of something like TCPdump or similar. I think reporting EVERY packet could be very cumbersome for this box - so maybe every 5th packet or something. Then show a % or something.
This box will not be in our physical location - so we would like the data to be pushed over to a PHP site, or so we can remotely see the data.
I would like this to be a rack, but the physical is not important right now.
Any good ideas here on this?
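
The sampling idea described in the post above, as an added example that is not part of the original post: keep every 5th packet, scale the byte counts back up, and flag a client IP when its estimated traffic to unexpected ports is both large and a big share of its total. The port allowlist, the thresholds, the record layout and the sample window are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumptions (not from the post): allowlist, thresholds and record layout.
EXPECTED_PORTS = {25, 53, 80, 110, 143, 443, 993, 995}
SAMPLE_EVERY = 5        # "every 5th packet", as suggested in the post
MIN_ODD_BYTES = 50_000  # estimated odd-port bytes per window before alerting
MIN_ODD_SHARE = 0.5     # odd-port share of the client's estimated traffic


def summarize(packets, sample_every=SAMPLE_EVERY):
    """packets: iterable of (client_ip, remote_port, length) for one time window.
    Returns {ip: {"total": est_bytes, "odd": est_bytes, "ports": {port: est_bytes}}}."""
    stats = defaultdict(lambda: {"total": 0, "odd": 0, "ports": defaultdict(int)})
    for i, (ip, port, length) in enumerate(packets):
        if i % sample_every:          # keep packets 0, 5, 10, ... only
            continue
        est = length * sample_every   # scale the sample back up to an estimate
        entry = stats[ip]
        entry["total"] += est
        if port not in EXPECTED_PORTS:
            entry["odd"] += est
            entry["ports"][port] += est
    return stats


def alerts(stats):
    """Return one JSON-serializable dict per client that crosses both thresholds."""
    out = []
    for ip, entry in sorted(stats.items()):
        share = entry["odd"] / entry["total"] if entry["total"] else 0.0
        if entry["odd"] >= MIN_ODD_BYTES and share >= MIN_ODD_SHARE:
            top_port = max(entry["ports"], key=entry["ports"].get)
            out.append({"ip": ip, "odd_bytes": entry["odd"],
                        "odd_pct": round(100 * share, 1), "top_port": top_port})
    return out


# Constructed sample window: 400 packets, three clients, repeating pattern.
PATTERN = [("10.0.0.5", 6667, 1000),   # heavy traffic to an unexpected port
           ("10.0.0.9", 443, 1000),    # ordinary HTTPS only
           ("10.0.0.5", 80, 1000),     # same client, ordinary HTTP
           ("10.0.0.7", 31337, 100)]   # unexpected port, but low volume
SAMPLE_WINDOW = [PATTERN[i % 4] for i in range(400)]

if __name__ == "__main__":
    for alert in alerts(summarize(SAMPLE_WINDOW)):
        print(alert)
```

Fixed-interval sampling can over- or under-count a client whose packets arrive in step with the sampling interval, so the estimates are best read over windows much longer than the interval.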