On Thu, 25 Aug 2005, Florian Weimer wrote:
I'd most certainly use an IDS (i.e. SNORT) for this instead of
Could you provide a use case at the ISP level where an IDS is indeed
superior to NetFlow data collection?
(Take into account that ISPs typically see the effects of new malware
well before the AV companies. 8-)
No one can understand the truth until
he drinks of coffee's frothy goodness.