Re: A useful oversimplification for network surveillance?

[Howard C. Berkowitz]

At 11:15 AM -0500 8/25/05, sjk wrote:
> We use both -- NetFlow gives us trending data which helps us 
> identify issues and patterns, Snort allows us to perform a deeper 
> analysis -- I don't think you could use one and not the other and 
> have effective traffic inspection.
I think we are in agreement. Remember, I was dealing specifically 
with surveillance. Surveillance and deeper analysis are complementary.

>  On Thu, 25 Aug 2005, Florian Weimer wrote:
>
> > > I'd most certainly use an IDS (i.e. SNORT) for this instead of
> > > netfow....
> > Could you provide a use case at the ISP level where an IDS is indeed
> > superior to NetFlow data collection?
> >
> > (Take into account that ISPs typically see the effects of new malware
> > well before the AV companies. 8-)
> _____________________________________
> sjk@cupacoffee.net
> http://www.cupacoffee.net
>
> No one can understand the truth until
> he drinks of coffee's frothy goodness.
> ~Sheik Abd-al-Kadir

This .sig must be preserved. I go to refill my cup.

Has anyone ever quantified the relationship between available network 
clue and available caffeine?