North American Network Operators Group
Re: A useful oversimplification for network surveillance?
- From: Fergie (Paul Ferguson)
- Date: Thu Aug 25 12:05:36 2005
Actually, re-reading your original message, netflow would certainly
be helpful in analysis, trending, etc. (along with something
along the lines of MRTG) -- and IDS is only helpful after the
fact, per se.
-- "Howard C. Berkowitz" <firstname.lastname@example.org> wrote:
At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote:
>I'd most certainly use an IDS (i.e. SNORT) for this instead of
My concern is scalability, remembering I'm talking about the
surveillance level. My preliminary sense is that SNORT is great in a
sinkhole, but isn't as scalable as a reasonable NetFlow export.
>-- "Howard C. Berkowitz" <email@example.com> wrote:
> NetFlow is the key to analyzing traffic patterns outside the router,
> looking for DDoS signatures when known, and for traffic anomalies that
> may become DDoS.
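
An added example, not part of the original thread: a sketch of the flow-based anomaly detection discussed above, which rolls flow records up per destination and minute and flags an interval whose packet count and distinct-source count both jump above a running baseline. The record layout `(minute, src, dst, packets)`, the thresholds and the sample data are assumptions made for illustration; this is not the NetFlow export format.

```python
from collections import defaultdict

def sample_flows():
    """Constructed records (minute, src, dst, packets) using documentation addresses."""
    flows = []
    for minute in range(10):                      # steady baseline traffic
        for i in range(5):
            pk = 100 + 5 * ((minute + i) % 3)
            flows.append((minute, f"198.51.100.{i + 1}", "192.0.2.10", pk))
        flows.append((minute, "198.51.100.50", "192.0.2.20", 40))
    for i in range(200):                          # minute 10: many new small flows
        flows.append((10, f"203.0.113.{i + 1}", "192.0.2.10", 30))
    flows.append((10, "198.51.100.50", "192.0.2.20", 40))
    return flows

def aggregate(flows):
    """Roll flows up to {(minute, dst): (total_packets, distinct_sources)}."""
    pkts, srcs = defaultdict(int), defaultdict(set)
    for minute, src, dst, packets in flows:
        pkts[(minute, dst)] += packets
        srcs[(minute, dst)].add(src)
    return {key: (pkts[key], len(srcs[key])) for key in pkts}

def detect(flows, alpha=0.3, k=4.0, warmup=5):
    """Return (minute, dst, packets, sources) for intervals far above the baseline."""
    agg = aggregate(flows)
    state = {}                                    # dst -> [mean, dev, src_mean, samples]
    alerts = []
    for minute, dst in sorted(agg):
        p, s = agg[(minute, dst)]
        if dst not in state:
            state[dst] = [float(p), 0.0, float(s), 1]
            continue
        mean, dev, smean, n = state[dst]
        # Deviation is floored at 10% of the mean so a flat baseline
        # does not alert on a trivial change.
        threshold = mean + k * max(dev, 0.1 * mean)
        if n >= warmup and p > threshold and s > 2 * smean:
            alerts.append((minute, dst, p, s))
            continue                              # keep the spike out of the baseline
        state[dst] = [mean + alpha * (p - mean),
                      dev + alpha * (abs(p - mean) - dev),
                      smean + alpha * (s - smean), n + 1]
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_flows()):
        print("anomaly:", alert)
```

Only aggregated counters are kept per destination, which is why this kind of check scales with exported flow volume rather than with packet payloads.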