A broadband access server (BAS) was used as auditing agent to implement a distributed
security auditing system on metropolitan area network (DSASMAN). A new packet filter
mechanism based on hardware packet filter (HPF) was proposed. The mechanism of routing and
forwarding in BAS was modified from“route once, switch many”to“audit once, pass many”. The
algorithm based on time inductive machine was used to accomplish the auditing to UDP based
accesses. The proposed auditing system has been implemented in an experimental routing switch
that was used as a BAS and showed good auditing performances.