If you can set up your gateway to export Netflow data, you get excellent data for tracking your traffic (connection metadata) without all the bulk of keeping a full copy of the traffic.

There's a large number of tools available for collecting, analyzing and otherwise dissecting collected Netflow data, with a good number most likely available via your favorite free Unix-like operating system's packages collection. My favorite combo is to set up an OpenBSD box as the gateway, have it export traffic data via the pflow(4) facility and do the collection and analysis bits somewhere via nfdump/nfsen (see eg nfsen.sourceforge.net for info).

There are various resources available within direct reach of web search, but I would also recommend taking a look at Michael W. Lucas' book Network Flow Analysis for a nice treatment of Netflow in general (it uses flow-tools, but most of what he writes will be useful in the context of other tools too).

I think it's worth mentioning to anybody who enjoyed this article that Michael W. Lucas has a fresh SSH book out called 'SSH Mastery'. Initially an ebook, but becoming available right about now in a paper version too.

Amazon will have it, or if you're shopping for OpenBSD stuff anyway (as you should, OpenSSH which is almost certainly the ssh and sshd on your system, is essentially an in-tree development at OpenBSD), www.openbsd.org/books.html and tentacles of the ordering system will show you where to get it.

I think the main problem here is that at least a s significant subset of the suits (and probably other non-techies) tend to think of Microsoft Exchange and its obnoxious client as the only way to handle email. Keep in mind that the main design smells appointment book not messaging. My longish rant on the topic can be found at http://bsdly.blogspot.com/2011/02/problem-isnt-email-its-microsoft.html , enjoy!

- Peter

I'm pretty sure that embracing the root zone poisoning .xxx domain wankers is not ever going to earn them enough cash to help a single animal in need. This is a total waste of time and money IMNSHO. The kind of story you'd expect to see in very-late March or very-early April, but that doesn't fit the calendar in that particular universe I inhabit.

firefox developers could do a lot worse than reading the openbsd-misc thread that starts with http://marc.info/?l=openbsd-misc&m=130683944229077&w=2 and take some of it to heart.

In the meantime I'd love any pointers at all to where you can buy the systems they used for development and testing - apparently you can actually buy systems with infinite memory so you can do extensive testing and never notice firefox has a memory management problem.

Number of firefox crashes while typing this comment: four.

I think you're touching on a very large part of the problem when you write

> The big problem I am having is with companies and websites. These emails are often no-reply, which means I can't send back a quick note.

I've always thought that sending messages with invalid return addresses or with a return address that's routed to the functional equivalent of /dev/null is intolerably rude. In fact, I think sending a message with the intention of discarding any reply is pretty close to the maxiumum amount of disrespect you can show your message's recipient.

I have one message to the executives of companies that send email with 'no-reply' return addresses deserve to be faced with a boycott: If you're not interested in reading our replies, we're not interested in sending you any money either.

I don't think Microsoft Exchange addiction (as I've blogged on in the past, see my .signature) should count as an excuse either. Sending mail with a deliverable return address is a matter of a minimum of common courtesy and civilty.

The concept isn't very new or radical, but it will be interesting to see how their implementation behaves in real life.

Over in OpenBSD land, PF has supported tables of IP addresses that can be manipulated on the fly for years (see eg these table samples. One common use is (courtesy of another useful adaptive feature called state tracking options) to detect and block bruteforcers (see eg this set of tutorial examples). In addition, the OpenBSD versions of dhcpd and bgpd as well as other applications are routinely set up to interact with your filtering config via tables.

Another adaptive or dynamic feature is anchors, named sub-rulesets where applications such as a proxy (ftp-proxy for example) or relayd (the load balancer) can insert and delete rules as needed. You can manipulate rules inside anchors from the command line too, of course.

My BSDCan slides has more material, as of course does The Book of PF, and never forget The PF docs as the authoritative source.