[83791] in North American Network Operators' Group
Re: A useful oversimplification for network surveillance?
daemon@ATHENA.MIT.EDU (Fergie (Paul Ferguson))
Thu Aug 25 11:34:08 2005
From: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Date: Thu, 25 Aug 2005 15:30:00 GMT
To: hcb@gettcomm.com
Cc: nanog@merit.edu
Errors-To: owner-nanog@merit.edu
Howard,
I'd most certainly use an IDS (i.e. SNORT) for this instead of
netflow....
- ferg
-- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
NetFlow is the key to analyzing traffic patterns outside the router,
looking for DDoS signatures when known, and for traffic anomalies that
may become DDoS.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/