Re: A useful oversimplification for network surveillance?
Date: Thu Aug 25 12:19:59 2005
We use both -- NetFlow gives us trending data which helps us identify
issues and patterns, Snort allows us to perform a deeper analysis -- I
don't think you could use one and not the other and have effective traffic
On Thu, 25 Aug 2005, Florian Weimer wrote:
I'd most certainly use an IDS (i.e. SNORT) for this instead of
Could you provide a use case at the ISP level where an IDS is indeed
superior to NetFlow data collection?
(Take into account that ISPs typically see the effects of new malware
well before the AV companies. 8-)
No one can understand the truth until
he drinks of coffee's frothy goodness.