Educause Security Discussion mailing list archives
Re: netflow analysis
From: Wyman Miles <wm63 () CORNELL EDU>
Date: Thu, 12 May 2005 17:37:28 -0400
I've written some things here that build on an elaborate collection of tools that were here when I arrived:

- statistical anomaly processing of darknet data to discover port scans, new virus releases, new exploits, etc.
- some C code to process raw flow records that was built on an earlier project to do the same, store the results in MySQL, etc.
- some rudimentary CGI to classify records by application; used by our bandwidth billing effort

I've got a whitepaper floating about on anomaly processing of netflow data for use as an early warning system.

Wy

Wyman Miles
Information Technology Security Office
Cornell University, Ithaca, New York
Hello,

I'm curious as to how people are handling their netflow data. We're thinking about putting it into a DB and designing our own interface for it. I haven't found any decent analysis tools (web based with search functionality specifically).

Any recommendations? A good deal of tools out there seem to no longer be maintained.

Appreciate any advice!

David C. Shettler - GCFA
Senior Technical Services Engineer
College of the Holy Cross
508-793-3073

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.