[83796] in North American Network Operators' Group
Re: A useful oversimplification for network surveillance?
daemon@ATHENA.MIT.EDU (Florian Weimer)
Thu Aug 25 12:22:04 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: sjk <sjk@dredel.com>
Cc: "Fergie (Paul Ferguson)" <fergdawg@netzero.net>,
hcb@gettcomm.com, nanog@merit.edu
Date: Thu, 25 Aug 2005 18:21:05 +0200
In-Reply-To: <Pine.LNX.4.63.0508251113250.1446@godot> (sjk@dredel.com's
message of "Thu, 25 Aug 2005 11:15:23 -0500 (CDT)")
Errors-To: owner-nanog@merit.edu

> We use both -- NetFlow gives us trending data which helps us
> identify issues and patterns, Snort allows us to perform a deeper
> analysis -- I don't think you could use one and not the other and
> have effective traffic inspection.

Of course, but you do this to support certain processes in your
organization. I just wonder what a process might look like which
actually needs data gathered by an IDS, at the ISP level.

(Drawing pretty charts showing the number of attacks you've blocked
doesn't count, IMHO.)