Dominik Werder wrote:
> Hi all!
> 
> I'd like to do a little "somewhat-clever-server-abuse-detection" in
> addition to the other firewall stuff.
> To do that I need to monitor what connections exist and how much/how
> fast they up and download.
> Is that possible in general? Using Ruby?
> 
> Just an idea :)
> 
> bye!
> Dominik

Here are some highly recommended security tools you might want to 
consider using in addition to your firewall.

You'll probably want to take a look before handcoding in Ruby or any
other language to avoid reinventing the wheel.

Look at this simple utility (if Snort is too complex/fat):

portsentry

For Apache, use these which work great together (and easy setup):

mod_dosevasive  (detect and handle denial of service attacks)
mod_security    (detect and handle hacking/abuse)
***mod_throttle (for Apache 1.3.x only so I haven't used this)

For comprehensive detection, see:

Nessus (discover your vulnerabilities)
Snort (intrusion detection)
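
Added example, not part of the original message or of any tool named in it: a Ruby sketch of the "what connections exist" half of the question, counting established TCP connections per remote address from a table in Linux `/proc/net/tcp` format. The sample table, the addresses and the limit are constructed, and a little-endian host is assumed; this table carries no per-connection byte counts, so transfer rates are not covered.

```ruby
# Constructed sample in /proc/net/tcp format (IPv4 addresses are little-endian hex).
SAMPLE = <<~TABLE
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 057100CB:0050 0A0200C0:C001 01 00000000:00000000 00:00000000 00000000    33        0 1002
   2: 057100CB:0050 0A0200C0:C002 01 00000000:00000000 00:00000000 00000000    33        0 1003
   3: 057100CB:0050 0A0200C0:C003 01 00000000:00000000 00:00000000 00000000    33        0 1004
   4: 057100CB:0050 076433C6:D431 01 00000000:00000000 00:00000000 00000000    33        0 1005
   5: 057100CB:0050 076433C6:D432 06 00000000:00000000 00:00000000 00000000     0        0 0
TABLE

ESTABLISHED = "01" # kernel TCP state code for ESTABLISHED

# "0A0200C0" -> "192.0.2.10" (byte order reversed, assuming a little-endian host)
def decode_ipv4(hex)
  hex.scan(/../).reverse.map(&:hex).join(".")
end

# Turn the table text into one hash per socket; the header line is skipped.
def parse_connections(text)
  text.each_line.map do |line|
    f = line.split
    next unless f[0] =~ /\A\d+:\z/ && f.size >= 4
    laddr, lport = f[1].split(":")
    raddr, rport = f[2].split(":")
    { local_ip: decode_ipv4(laddr), local_port: lport.hex,
      remote_ip: decode_ipv4(raddr), remote_port: rport.hex, state: f[3] }
  end.compact
end

# Number of established connections for each remote address.
def established_per_remote(conns)
  conns.select { |c| c[:state] == ESTABLISHED }
       .group_by { |c| c[:remote_ip] }
       .transform_values(&:size)
end

# Remote addresses holding more than `limit` established connections.
def over_limit(conns, limit)
  established_per_remote(conns).select { |_ip, n| n > limit }.keys.sort
end

if __FILE__ == $PROGRAM_NAME
  # Pass /proc/net/tcp as the first argument to read the live table.
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE
  conns = parse_connections(text)
  established_per_remote(conns).each { |ip, n| puts "#{ip}\t#{n}" }
  puts "over limit: #{over_limit(conns, 2).join(', ')}"
end
```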