Hi, thank you very much for your help, it was a NAS sending 4000pps of "arp who-as" to all of this clients. Marc
> On 13 Sep 2024, at 12:16, Peter N. M. Hansteen <pe...@bsdly.net> wrote: > > Hi, > > As Tom mentioned, one of the least resource consuming ways to identify sources > and volumes of the traffic seen on or in and out of your network is to set up > for pflow aka netflow sensors and collectors. > > Based on the data you collect you can then analyse and make decisions > that hopefully reflect the actual traffic patterns you are dealing with. > > Several sources of useful information are available, Tom already mentioned > The Book of PF and the article about tracking down a source of disruption > based on netflow data. > > It is possible that you could find something useful in the slides for the > latest "Network Management with the OpenBSD Packet Filter Toolset" tutorial, > to be found at https://nxdomain.no/~peter/pf_fullday.pdf (possibly to be > updated for the upcoming Dublin event). > > I would of course be delighted if you do buy The Book of PF, and the > article Tom referred to can also be found *without G's trackers* at > https://nxdomain.no/~peter/yes_you_too_can_be_an_evil_network_verlord.html > (the liberated versions of other blogposts can be found, pre-prettification > at https://nxdomain.no/~peter/blogposts/) > > - Peter > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
