nanog mailing list archives
Re: A useful oversimplification for network surveillance?
From: Florian Weimer <fw () deneb enyo de>
Date: Thu, 25 Aug 2005 18:21:05 +0200
> We use both -- NetFlow gives us trending data which helps us identify issues and patterns, Snort allows us to perform a deeper analysis -- I don't think you could use one and not the other and have effective traffic inspection.
Of course, but you do this to support certain processes in your organization. I just wonder how a process might look which actually needs data gathered by an IDS, at the ISP level. (Drawing pretty charts showing the number of attacks you've blocked doesn't count, IMHO.)