nanog mailing list archives
Re: A useful oversimplification for network surveillance?
From: Nicolas FISCHBACH <nicolist () securite org>
Date: Wed, 31 Aug 2005 00:56:09 +0200
Howard C. Berkowitz wrote:
> I'm developing some guidance for ISP surveillance for infrastructure attacks, and my increasing impression is that for other than the expert level, there may be some useful simplifications of the applicability of tools. Remember that I am speaking of surveillance here, not the detailed analysis in a sinkhole. Perhaps this could be the basis of some security architecture presentations/tutorials at NANOG.
Have a look at these two presentations: the first covers most of the items you listed; the second one, while more enterprise-oriented, also applies to large SP management networks.

"Building an Early Warning System in a Service Provider Network"
http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.ppt
http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.zip (PDF)

"Network flows and Security"
http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.ppt
http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.pdf

Nico.
--
Nicolas FISCHBACH (nico () securite org) <http://www.securite.org/nico/>
Senior Manager - IP Engineering/Security - COLT Telecom
Securite.Org Team - http://www.securite.org/