ISP Monitoring

Started by ScottF, February 05, 2015, 03:46:36 AM


ScottF

I think I already know the answer to this but I'm going to ask in case there is a way to do it.

We are part of a larger network (ring) with other Universities. We all use a common ISP for our connection to the internet. Recently a DDoS attack was targeted at another University on the ring. This meant that our Internet connection was degraded, however everything internal was running at the speed we would expect.

Is there any way to monitor for this degradation in service? The only thing I could think of is a simple ping poll out to a server on the internet, however if the connection is just degraded this may not be picked up.

Thanks

icecream-guy

#1
Baseline your ISP traffic. Once you get a good feel for the amount of traffic, you can implement some sort of tool to alert when the traffic goes outside the norms determined in the baseline.

BTW, you can't fix a DDoS attack; once it hits your router it's too late. You can talk to the ISP about add-on DDoS services where, when a DDoS is happening, the ISP takes action so your ISP circuit doesn't get saturated.

My Moral Fibers have been cut.

ScottF

We've done the baseline thing, unfortunately the problem with this is that baseline changes depending on the time of year. When all the students are on campus we have much higher usage than during half-terms/holidays etc where the usage plummets.

This just means our baseline check has to be dynamic depending on the time of year.


icecream-guy

We use HP NNMi for monitoring our ISP traffic. It dynamically creates a baseline and a sleeve around the baseline, +/- 5% for example. Anything that goes outside the sleeve gets alerted. Something you'd be interested in: the concept, not the product.
(NNMi is expensive)


ScottF

Thanks for the info, we are currently looking to procure a network management/monitoring tool so it could be something to include (we will probably get HP's iMC).
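
The "baseline with a sleeve" concept from the replies above, as an added Python sketch that is not part of the thread and is not how NNMi or iMC work internally. The class name, the per-(weekday, hour) slots, the use of a median and the Mbps readings are all assumptions made for illustration; the sample values are constructed.

```python
from collections import defaultdict, deque
from statistics import median


class SleeveBaseline:
    """Rolling per-slot baseline with a +/- percentage sleeve (hypothetical helper)."""

    def __init__(self, sleeve_pct=5.0, history=4, min_history=3):
        self.sleeve = sleeve_pct / 100.0
        self.min_history = min_history
        # One short history per (weekday, hour) slot, so Tuesday 14:00 is only
        # compared with earlier Tuesdays at 14:00, not with Sunday night.
        self.slots = defaultdict(lambda: deque(maxlen=history))

    def check(self, weekday, hour, mbps):
        hist = self.slots[(weekday, hour)]
        verdict = "learning"
        if len(hist) >= self.min_history:
            base = median(hist)  # a single bad week barely moves the median
            low, high = base * (1 - self.sleeve), base * (1 + self.sleeve)
            verdict = "below" if mbps < low else "above" if mbps > high else "ok"
        # Always record the reading: a one-off incident hardly shifts the
        # baseline, but a lasting change (term time -> holidays) moves it
        # within a few weeks, so the sleeve follows the time of year.
        hist.append(mbps)
        return verdict


def replay(readings, weekday=1, hour=14, **kwargs):
    """Feed weekly readings for one slot through the baseline; return verdicts."""
    baseline = SleeveBaseline(**kwargs)
    return [baseline.check(weekday, hour, mbps) for mbps in readings]


# Constructed sample: weekly Tuesday 14:00 throughput in Mbps. Four term-time
# weeks, one degraded week, one normal week, then four holiday weeks.
SAMPLE_MBPS = [800, 810, 790, 805, 400, 800, 300, 310, 305, 300]

if __name__ == "__main__":
    for mbps, verdict in zip(SAMPLE_MBPS, replay(SAMPLE_MBPS)):
        print(f"{mbps:>5} Mbps  {verdict}")
```

In the sample, the degraded week is flagged and the following normal week is not; the first three holiday weeks are flagged while the median catches up, after which the lower usage becomes the new baseline.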