Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: A useful oversimplification for network surveillance?

  • From: Fergie (Paul Ferguson)
  • Date: Thu Aug 25 12:05:36 2005

Actually, re-reading your original message, netflow would certainly
be helpful in analysis, trending, etc. (along with something
along the lines of MRTG) -- and IDS is only helpful after the
fact, per se.

- ferg

-- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:

At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote:
>Howard,
>
>I'd most certainly use an IDS (i.e. SNORT) for this instead of
>netflow....

My concern is scalability, remembering I'm talking about the 
surveillance level. My preliminary sense is that SNORT is great in a 
sinkhole, but isn't as scalable as a reasonable NetFlow export.


>
>-- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
>
>       NetFlow is the key to analyzing traffic patterns outside the router,
>       looking for DDoS signatures when known, and for traffic anomalies that
>       may become DDoS.





