Educause Security Discussion mailing list archives

Re: netflow analysis


From: Arturo Servin <aservin () ITESM MX>
Date: Fri, 13 May 2005 05:38:33 -0500

        We use flow-tools and some KSH scripts to perform some queries to
retrieve information about rx/tx machines, protocols, ports. We just apply
the scripts on demand when we need something, but I am sure that it could be
relatively easy to do something proactive.

        In the past months I found this paper. I do not know if it's public, but
anyone with access to IEEE Xplore can download it.

Defending against Internet Worm-like Infestations
Shou-Chuan Lai, Wen-Chu Kuo, Mu-Cheng Hsieh.
Proceedings of the 18th International Conference on Advanced Information
Networking and Application (AINA’04)


-as

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David Shettler
Sent: Thursday, May 12, 2005 04:15 p.m.
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] netflow analysis

Hello,

I'm curious as to how people are handling their netflow data.  We're
thinking about putting it into a DB and designing our own interface for
it.  I haven't found any decent analysis tools (web based with search
functionality specifically).  Any recommendations?  A good deal of tools
out there seem to no longer be maintained.

Appreciate any advice!

David C. Shettler - GCFA
Senior Technical Services Engineer
College of the Holy Cross
508-793-3073

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

