North American Network Operators Group
Re: A useful oversimplification for network surveillance?
- From: Howard C. Berkowitz
- Date: Thu Aug 25 11:50:13 2005
At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote:
My concern is scalability, remembering I'm talking about the
surveillance level. My preliminary sense is that SNORT is great in a
sinkhole, but isn't as scalable as a reasonable NetFlow export.
I'd most certainly use an IDS (i.e. SNORT) for this instead of
-- "Howard C. Berkowitz" <email@example.com> wrote:
NetFlow is the key to analyzing traffic patterns outside the router,
looking for DDoS signatures when known, and for traffic anomalies that
may become DDoS.