nanog mailing list archives
Re: A useful oversimplification for network surveillance?
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 25 Aug 2005 18:06:52 +0200
I'd most certainly use an IDS (i.e. SNORT) for this instead of netfow....
Could you provide a use case at the ISP level where an IDS is indeed superior to NetFlow data collection? (Take into account that ISPs typically see the effects of new malware well before the AV companies. 8-)
Current thread:
- A useful oversimplification for network surveillance? Howard C. Berkowitz (Aug 25)
- Re: A useful oversimplification for network surveillance? Nicolas FISCHBACH (Aug 30)
- <Possible follow-ups>
- Re: A useful oversimplification for network surveillance? Fergie (Paul Ferguson) (Aug 25)
- Re: A useful oversimplification for network surveillance? Howard C. Berkowitz (Aug 25)
- Re: A useful oversimplification for network surveillance? Florian Weimer (Aug 25)
- Re: A useful oversimplification for network surveillance? sjk (Aug 25)
- Re: A useful oversimplification for network surveillance? Florian Weimer (Aug 25)
- Message not available
- Re: A useful oversimplification for network surveillance? Florian Weimer (Aug 25)
- Re: A useful oversimplification for network surveillance? Howard C. Berkowitz (Aug 25)
- Re: A useful oversimplification for network surveillance? Yann Berthier (Aug 25)