[83794] in North American Network Operators' Group

Re: A useful oversimplification for network surveillance?

daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Aug 25 12:08:13 2005

From: Florian Weimer <fw@deneb.enyo.de>
To: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>
Cc: hcb@gettcomm.com, nanog@merit.edu
Date: Thu, 25 Aug 2005 18:06:52 +0200
In-Reply-To: <20050825.083104.7340.139575@webmail12.lax.untd.com>
	(fergdawg@netzero.net's message of "Thu, 25 Aug 2005 15:30:00 GMT")
Errors-To: owner-nanog@merit.edu


> I'd most certainly use an IDS (i.e. SNORT) for this instead of
> netflow....

Could you provide a use case at the ISP level where an IDS is indeed
superior to NetFlow data collection?

(Take into account that ISPs typically see the effects of new malware
well before the AV companies. 8-)
