Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: A useful oversimplification for network surveillance?

  • From: Howard C. Berkowitz
  • Date: Thu Aug 25 11:50:13 2005

At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote:
Howard,

I'd most certainly use an IDS (i.e. SNORT) for this instead of
netflow....
My concern is scalability, remembering I'm talking about the surveillance level. My preliminary sense is that SNORT is great in a sinkhole, but isn't as scalable as a reasonable NetFlow export.

- ferg

-- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:

      NetFlow is the key to analyzing traffic patterns outside the router,
      looking for DDoS signatures when known, and for traffic anomalies that
      may become DDoS.








Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.