On 11/4/2017 12:54 PM, Demosthenes wrote:
Hello,
I want to see port mirroring on the router and switch. I want to keep a
log of all packets outbound, and the IP address they are going to. If a
particular IP address exceeds the configured data cap, I call it
suspicious and I want to be notified. So if the data cap is 4 MB/day to
an IP address, I want to see the top 20 or 30 violators. Suspicious
download of data can be monitored.
On the endpoint, the users can designate files or folders they want
monitored. I get a daily log of data access (as the Unit Information
Assurance Security Officer), and if access seems excessive, or access to
a blacklist IP seems suspicious, I want to be notified.
This software is licensed for open public use.
A copy of this notice should be placed in the comments section of the
using source code as a condition of use.
Thank you,
Howard S. Hong