Wednesday, November 10, 2010

Monitoring the ISP monitors

I had an interesting run-in with my ISP twice in October. I was toying with utorrent to pull down some (free) Linux and Windows rescue disks and mistakenly set it to serve out one of my kid's movies from the family home server. So the ISP cans my Internet connection until I call and explain myself to the ISP security group for hosting copyrighted material. They were all very polite, but it's embarrassing to note that the utorrent software was still running as a service and such even after I uninstalled it after my initial downloads. Point is, don't be a pirate, or you will lose your tasty Internet connection.

So I asked the security guy how I could monitor my home network to ensure I know what is going on with my connection, just in case my household messes around with torrents again or picks up a zombie bug later. After all, one day my boys will be old enough to read and type, and I may have one of these painful calls in a rather uninformed status due to their on-line activities and not my own, right? He spouts out a little-known public URL where our ISP hosts free security tools for their customers, mostly one-time malware scanners and such, and offers nothing realistic or real-time. He mumbles that he heard something about "Wireshark" being useful in identifying issues.

Now I was playing dumb, or "being polite and listening" as my wife suggests I should with technical support, and I was a bit surprised that this was the best that my ISP could offer. They were apparently nice enough to take the piracy complaint on as their own corrective action and not identify me to the offended party this time as a "first offense", but they had no real options to help arm their customer base against future issues. They also had no suggestions for local contractors or specialists that might be available to clean up my systems for hire, or anything else. I know that Wireshark is a network sniffer, as I worked with it when it was known as Ethereal, and it certainly is NOT a tool one would advise for a home user. Even a professional's eyes would glaze over trying to use it to "monitor their network". As parents and working stiffs, we are just too busy and need these things simplified.

Now I had to answer my own needs. I want a simple method to monitor and log my home's on-line traffic. For now my interest is just to ensure there are no wayward spikes in traffic, but some readers might have ISPs that charge for such spikes, and they would need a way to verify what their ISP claims on the bill. Digging through my various collected programs and Google, I came upon an old solution that would provide a live graph of ISP traffic, simple enough that my wife could check on it while I am away from home (bonus!). Unfortunately it requires SNMP, which is not available on my particular brand of household Linksys router by default. Below is my road map to set up a working ISP monitor within a home network, bearing in mind that one would prefer a free solution and would use primarily a Windows operating system.

1) Get the graphing software:

Paessler offers a free-to-home-use tool called "PRTG Traffic Monitor". This application is used to collect SNMP messages from enabled devices on your network (router, home server, laptops, et al.) and then graph that data in a pretty display window. This output can be hosted as a web page, so now you have something real to add to that silly intranet web page your Windows home server came with!

2) Activate SNMP from the router:

Either buy a new router that offers SNMP, or flash the router with a new firmware or "operating system" that supports SNMP. Flashing the firmware can be a bit frightening for a technically challenged user and there is always the possibility of bricking your device. The process is generally well documented and a technical friend can probably assist one afternoon for a plate of brownies or other homespun favors. In my case, many Linksys home routers can have their firmware replaced with a miniaturized Linux-based OS that expands the features available on the router. I happen to be interested in the DD-WRT project that adds on SNMP and VPN support. SNMP will be for this monitoring task, and the VPN capabilities are for future expansion. If flashing the router is not an option for you, put this feature on your shopping list for your next router, because when that wayward lightning strike does occur you may forget this key feature in your shopping frenzy. :-)

3) Configure SNMP to be secure:

SNMP is an older technology, and you will not want to introduce any new security problems for your home. Be sure to read up on how to secure SNMP, particularly by using the most recent version, and limit which systems or address ranges will communicate with it within your network. As always, use a really long and difficult community string/password to make it just a little bit tougher.

4) Finishing up:

Configure the PRTG software to collect the SNMP traffic from the router and output it to your local web server. Show your family the URL and discuss when it might be of use. Now on to your next project!
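The checks from step 3 can be run mechanically before you point PRTG at the router. This is an added example, not part of the original post or of DD-WRT or PRTG: it assumes the SNMP agent uses net-snmp style `rocommunity`/`rwcommunity` lines, and the sample config, the `audit_snmpd_conf` helper and the 20-character minimum are all constructed for illustration.

```python
import ipaddress

# Constructed sample in net-snmp snmpd.conf syntax (assumed format, not from the post).
SAMPLE_CONF = """\
# weak: default string, reachable from anywhere, plus write access
rocommunity public
rwcommunity private 192.168.1.0/24
# stronger: long string, restricted to the PC running the grapher
rocommunity 9fQ2-vLx7-Tz4m-Kd8w-Rb3n 192.168.1.50
# SNMPv3 user that must authenticate and encrypt (not a community, so not audited)
rouser homemonitor priv
"""

DEFAULT_STRINGS = {"public", "private", "community", "admin", "snmp"}
MIN_LENGTH = 20  # assumed threshold for "really long"; adjust to taste


def source_is_restricted(source):
    """True if the source field is a private (home LAN) address or range."""
    try:
        net = ipaddress.ip_network(source or "", strict=False)
    except ValueError:
        return False  # missing, "default", or a hostname: treat as unrestricted
    return net.is_private


def audit_snmpd_conf(text):
    """Return (line_number, message) findings for community directives."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in ("rocommunity", "rwcommunity"):
            continue
        directive, community = fields[0], fields[1]
        source = fields[2] if len(fields) > 2 else None
        if directive == "rwcommunity":
            findings.append((lineno, "write access enabled; monitoring only needs read-only"))
        if community.lower() in DEFAULT_STRINGS:
            findings.append((lineno, "default community string"))
        elif len(community) < MIN_LENGTH:
            findings.append((lineno, "community string shorter than %d characters" % MIN_LENGTH))
        if not source_is_restricted(source):
            findings.append((lineno, "no source restriction; limit to the monitoring host or LAN"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit_snmpd_conf(SAMPLE_CONF):
        print("line %d: %s" % (lineno, message))
```

On the sample, the two weak lines produce four findings and the restricted read-only line produces none.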

