Re: DDOS, IDS, RTBH, and Rate limiting

[Tim Jackson <jackson.tim () gmail com>]

I highly recommend pmacct and it's in-memory tables. Lightweight, easy to
query and super fast.

You can also easily run multiple aggregates of traffic to find what you are
interested in, tag common interface types to easily filter traffic..

Or you can use pmacct to insert this into whatever database you want, AMQP
or MongoDB..

My current favorite is using an IMT table for DoS detection and another for
aggregates for interesting traffic types and querying this every X minutes
and inserting it into ElasticSearch. Kibana makes the most powerful netflow
dashboard ever.

--
Tim
On Nov 20, 2014 6:39 PM, "Roland Dobbins" <rdobbins () arbor net> wrote:

> On 21 Nov 2014, at 9:19, Robert Duffy wrote:
>
>  What open-source NetFlow analysis tools would you recommend for quickly
> > detecting a DDoS attack?
>
> I generally recommend that folks get started with something like
> nfdump/nfsen or ntop.  There are other, more sophisticated tools out there,
> but these allow one to get up and running quickly, and to gain valuable
> operational experience with which to evaluate more sophisticated tools, if
> they're needed.
>
> -----------------------------------
> Roland Dobbins <rdobbins () arbor net>