Educause Security Discussion mailing list archives

Re: netflow analysis


From: Wyman Miles <wm63 () CORNELL EDU>
Date: Thu, 12 May 2005 17:37:28 -0400

I've written some things here that build on an elaborate collection of
tools that were here when I arrived:

- statistical anomaly processing of darknet data to discover port scans,
new virus releases, new exploits, etc.
- some C code to process raw flow records that was built on an earlier
project to do the same, store the results in MySQL, etc.
- some rudimentary CGI to classify records by application; used by our
bandwidth billing effort

I've got a whitepaper floating about on anomaly processing of netflow data
for use as an early warning system.

Wy

Wyman Miles
Information Technology Security Office
Cornell University, Ithaca, New York
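A small illustration of the darknet port-scan detection Wy describes, added here as an example and not code from Cornell's tools or from anyone on the thread; the flow records, the tuple layout and the median/MAD threshold are my own constructed assumptions:

```python
# Added example, not code from the thread: flag port-scan-like sources in darknet
# flow records by counting distinct destination ports per source and comparing
# each count against a robust baseline (median + k * MAD) over all sources.
from collections import defaultdict
from statistics import median

# Constructed sample flows (src, dst, dport, proto, packets); no real traffic.
# One source sweeps 40 ports across a handful of unused (darknet) addresses
# while the rest are single-port background noise (backscatter, misconfigs).
FLOWS = []
for port in range(1, 41):
    FLOWS.append(("198.51.100.7", f"203.0.113.{port % 5 + 1}", port, "tcp", 1))
for i in range(1, 11):
    FLOWS.append((f"192.0.2.{i}", "203.0.113.9", 445, "tcp", 3))
FLOWS.append(("192.0.2.3", "203.0.113.9", 139, "tcp", 1))


def distinct_dports_by_src(flows):
    """Return {src: number of distinct destination ports} over the flows."""
    ports = defaultdict(set)
    for src, _dst, dport, _proto, _pkts in flows:
        ports[src].add(dport)
    return {src: len(p) for src, p in ports.items()}


def flag_scanners(flows, k=3.0, min_ports=10):
    """Return sources whose distinct-port count is an outlier.

    The baseline is median + k * MAD (median absolute deviation), which a
    single heavy scanner cannot drag upward the way a mean/stddev would.
    min_ports keeps a tiny population from flagging a 2-port source.
    """
    counts = distinct_dports_by_src(flows)
    values = list(counts.values())
    med = median(values)
    mad = median(abs(v - med) for v in values) or 1.0  # avoid a zero spread
    threshold = max(min_ports, med + k * mad)
    return sorted(src for src, c in counts.items() if c >= threshold)


if __name__ == "__main__":
    for src in flag_scanners(FLOWS):
        print(f"port scan suspected from {src}: "
              f"{distinct_dports_by_src(FLOWS)[src]} distinct ports")
```

On real data the same counting would run per time window over records pulled from the flow store, with the baseline computed from prior windows rather than from the current one.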


Hello,

I'm curious as to how people are handling their netflow data.  We're
thinking about putting it into a DB and designing our own interface for
it.  I haven't found any decent analysis tools (web based with search
functionality specifically).  Any recommendations?  A good deal of tools
out there seem to no longer be maintained.

Appreciate any advice!

David C. Shettler - GCFA
Senior Technical Services Engineer
College of the Holy Cross
508-793-3073

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.

