Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: A useful oversimplification for network surveillance?

  • From: sjk
  • Date: Thu Aug 25 12:19:59 2005


We use both -- NetFlow gives us trending data which helps us identify issues and patterns, Snort allows us to perform a deeper analysis -- I don't think you could use one and not the other and have effective traffic inspection.


On Thu, 25 Aug 2005, Florian Weimer wrote:


I'd most certainly use an IDS (i.e. SNORT) for this instead of
netfow....
Could you provide a use case at the ISP level where an IDS is indeed
superior to NetFlow data collection?

(Take into account that ISPs typically see the effects of new malware
well before the AV companies. 8-)

_____________________________________
sjk@cupacoffee.net
http://www.cupacoffee.net

No one can understand the truth until
he drinks of coffee's frothy goodness.
~Sheik Abd-al-Kadir




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.