[123838] in North American Network Operators' Group
Re: OBESEUS - A new type of DDOS protector
daemon@ATHENA.MIT.EDU (Guillaume FORTAINE)
Tue Mar 16 21:51:01 2010
Date: Wed, 17 Mar 2010 02:50:15 +0100
From: Guillaume FORTAINE <gfortaine@live.com>
To: nanog@nanog.org
In-Reply-To: <B7DA3917-793C-43F1-A3D5-45EA41E39442@arbor.net>
Dear Mister Dobbins,
Thank you for your reply.
> Argus is OK, but I believe that it mainly relies upon packet capture - it does now support NetFlow v5, and v9 support as well as support for Juniper flow telemetry and others is supposed to be coming.
>
Argus is a superset of NetFlow [1]. It's a *better* NetFlow:
http://docs.google.com/viewer?url=http://www.cert.org/flocon/2009/presentations/Bullard_ControlPlane.pdf
> I've personally not played with Argus and NetFlow; nfdump/nfsen is a useful open-source NetFlow collection/analysis system.
>
>
There is also Psyche from Pontetec, which is a better nfsen:
http://psyche.pontetec.com/
>> My partners and I are working on a Flow Based Security Awareness
>> Framework for High-Speed Networks.
>>
>> http://docs.google.com/viewer?url=http://www.vabo.cz/spi/2009/presentations/03/02-celeda_rehak_CAMNEP_no_video.pdf
>>
>> For a demo:
>>
>> http://demo.cognitivesecurity.cz/
>>
> It's always good to see folks motivated to work on solutions they believe will benefit the community at large.
>
>
Thank you. The question is: who are the people interested in our work?
Best Regards,
Guillaume FORTAINE
[1] http://www.qosient.com/argus/argusnetflow.htm