nanog mailing list archives
Re: A useful oversimplification for network surveillance?
From: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
Date: Thu, 25 Aug 2005 16:02:18 GMT
Actually, re-reading your original message, netflow would certainly be helpful in analysis, trending, etc. (along with something along the lines of MRTG) -- and IDS is only helpful after the fact, per se.

- ferg

-- "Howard C. Berkowitz" <hcb () gettcomm com> wrote:

At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote:
Howard, I'd most certainly use an IDS (i.e. SNORT) for this instead of netflow....
My concern is scalability, remembering I'm talking about the surveillance level. My preliminary sense is that SNORT is great in a sinkhole, but isn't as scalable as a reasonable NetFlow export.
-- "Howard C. Berkowitz" <hcb () gettcomm com> wrote: NetFlow is the key to analyzing traffic patterns outside the router, looking for DDoS signatures when known, and for traffic anomalies that may become DDoS.