nanog mailing list archives

Re: A useful oversimplification for network surveillance?

From: "Fergie (Paul Ferguson)" <fergdawg () netzero net>
Date: Thu, 25 Aug 2005 15:30:00 GMT


Howard,

I'd most certainly use an IDS (i.e. SNORT) for this instead of
netfow....

- ferg

-- "Howard C. Berkowitz" <hcb () gettcomm com> wrote:

      NetFlow is the key to analyzing traffic patterns outside the router,
      looking for DDoS signatures when known, and for traffic anomalies that
      may become DDoS.


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg () netzero net or fergdawg () sbcglobal net
 ferg's tech blog: http://fergdawg.blogspot.com/

Current thread:

A useful oversimplification for network surveillance? Howard C. Berkowitz (Aug 25)
- Re: A useful oversimplification for network surveillance? Nicolas FISCHBACH (Aug 30)
- <Possible follow-ups>
- Re: A useful oversimplification for network surveillance? Fergie (Paul Ferguson) (Aug 25)
  - Re: A useful oversimplification for network surveillance? Howard C. Berkowitz (Aug 25)
  - Re: A useful oversimplification for network surveillance? Florian Weimer (Aug 25)
    - Re: A useful oversimplification for network surveillance? sjk (Aug 25)
    - Re: A useful oversimplification for network surveillance? Florian Weimer (Aug 25)
    - Message not available
    - Re: A useful oversimplification for network surveillance? Florian Weimer (Aug 25)
    - Re: A useful oversimplification for network surveillance? Howard C. Berkowitz (Aug 25)
- Re: A useful oversimplification for network surveillance? Fergie (Paul Ferguson) (Aug 25)
  - Re: A useful oversimplification for network surveillance? Yann Berthier (Aug 25)
- Re: A useful oversimplification for network surveillance? Fergie (Paul Ferguson) (Aug 25)