They store around 200TB per month, which isn't that expensive on a bare metal server. That said, I also know of a company that just captures everything and stores it for 2-3 months. If it is for later analysis, I usually won't go for full packet captures, but use something like netflow to only capture meta-data (source-destination ip and port, number of packets and bytes) just to reduce the costs. If you want to monitor a server because you don't trust it, I wouldn't do it on the server itself, but use a second server and have the switch mirror the traffic to/from that server (monitoring port). Even under the hood of most other solutions you will find libpcap/tcpdump. Tcpdump/libpcap is kinda the industry standard for packet capturing. Maybe start with sFlow or Netflow first, to get a feeling for your traffic flows.

4320 * 30 = 129,600Gb/month = 16200 GB / month

So when you back up your mirror every night to another location, you automatically get the backup back through the mirror and the size will grow exponentially.

Also be sure you know how much traffic is going through that. That would also include IPsec traffic to other locations. So let's say, you mirror only the port to the external firewall. So you better not have any significant traffic in there.

Also you need to make sure that you don't mirror the mirror. If you have a 25Gb/s server connection and want to mirror 40 other 25Gb/s links, you have a 1/40 oversubscription of that mirror port. Mostly this is done for Troubleshooting (for example Riverbed) and for Intrusion Detection / Behaviour Analysis (Darktrace, etc.).

But you need to understand where to mirror the traffic and how much traffic that is going to be. You can without a problem mirror traffic to servers, there are some use cases for that.
I'd rather deal with the occasional "I can't get into X, oh, it is because of the malware/ad blocker, try somewhere else" conversations than have the tech support load of undoing drive-by installs!

Also, I wouldn't want other people to easily add stuff to my network's whitelist.

Anyone who really objects can always use their own mobile data plan instead of using my network that runs just fine the way I want it to.

On a serious note, do you know how much traffic you are talking about? Other people is why I run blocking at the network level ATM (as well as on my individual mobile devices).

> Personally, I find a browser based advert/tracking blocker add-on to work better.

> a family member or co-worker can't get to a site then they have no way to bypass it unless they also know how Pi-Hole works

I doubt the information isn't available elsewhere if I really care about it, and the most insidious stuff I'm blocking tends to be on less important content that I can live without anyway ( was the final straw that made me install network-level blocking - too many pop-unders, the occasional drive-by install attempt, adverts trying to access my microphone and/or camera, and less worrying but still annoying things like auto-playing audio - if such frivolous sites block me for blocking their ads because they can't police them properly I'm sure I'll live!). pertaining to a certain industry or hobby/interest)? Do you see it a lot on sites with a particular pattern (i.e. I think I've only seen that once since running pi-hole (which I've done for about six months now), so I assume the rate of occurrence varies widely with what people are browsing.

> many sites that detect that their adverts and tracking scripts don't load and refuse to let you in

and it's always off for sites like paypal, because I really want that payment to work and not suddenly screw up the whole transaction. I have to disable my browser adblocker at least once a month, because something doesn't load.
With a browser plugin, at least you can disable it for that specific case. You have to rely on a 3rd party, usually some volunteers - great people btw - but even a huge crowd like them can't make sure, that from time to time, in some part of the internet, in some specific country and language, something will be blocked by mistake and you are stuck. You can't seriously maintain these block lists yourself. Most people can't afford to play around with that until it works. whose domain is unfortunately blocked in pi-hole? Even one single incident might force you to entirely disable pi-hole. Oh really? That's how easy it is in your world? And then you just don't buy that flight ticket? because that shitty online ticket agent uses third-third-party payment providers etc. I can't hear these short-sighted comments "it doesn't load with pi-hole? then I just close the tab!" Pi-Hole is essentially useless for real world scenarios.