Merit Network
 Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives
North American Network Operators Group
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: A useful oversimplification for network surveillance?

  • From: Howard C. Berkowitz
  • Date: Thu Aug 25 11:50:13 2005 
At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote:

Howard,

I'd most certainly use an IDS (i.e. SNORT) for this instead of
netflow....
My concern is scalability, remembering I'm talking about the surveillance level. My preliminary sense is that SNORT is great in a sinkhole, but isn't as scalable as a reasonable NetFlow export.

- ferg

-- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:

      NetFlow is the key to analyzing traffic patterns outside the router,
      looking for DDoS signatures when known, and for traffic anomalies that
      may become DDoS.
































Discussion Communities




About Merit | 
Services | 
Network | 
Resources & Support  |  
Network Research  


News | 
Events | 
Contact | 
Site Map
 | Merit Network Home





 Merit Network, Inc.