[83798] in North American Network Operators' Group
Re: A useful oversimplification for network surveillance?
daemon@ATHENA.MIT.EDU (Yann Berthier)
Thu Aug 25 12:34:17 2005
Date: Thu, 25 Aug 2005 18:30:23 +0200
From: Yann Berthier <yb@bashibuzuk.net>
To: nanog@merit.edu
In-Reply-To: <20050825.090300.7340.140136@webmail12.lax.untd.com>
Errors-To: owner-nanog@merit.edu
On Thu, 25 Aug 2005, Fergie (Paul Ferguson) wrote:
>
> Actually, re-reading your original message, netflow would certainly
> be helpful in analysis, trending, etc. (along with something
> along the lines of MRTG) -- and IDS is only helpful after the
> fact, per se.
If I may add - NetFlow gives you the possibility to do network
forensics on 'past' network events (for whatever meaning of past),
even if your IDS has detected nothing. This is an important
consideration.
I set up a mailing list, flowop, some time ago, to discuss NetFlow
related issues: analysis, deployment considerations, ... The goal is
obviously not to divert traffic from the existing mailing lists
focused on a particular collector / tool, but I felt that besides
those specific lists, a 'generic' one was badly needed.
I never took the time to advertise it, so the traffic is low (that
is, null), but perhaps this is a good time to do so. I look forward
to seeing many interesting discussions happening here.
Subscription information:
http://www.csrrt.org.lu/mailman/listinfo/flowop
Thanks,
- yann
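Yann's point above, that stored flow records let you answer questions about past traffic that no IDS flagged at the time, as an added example that is not part of the original post and not the code of any particular collector: a retrospective query over a small, constructed set of NetFlow-style records. The record layout (a flat CSV loosely modelled on NetFlow v5 fields), the addresses, the timestamps and the 30-second periodicity tolerance are all assumptions of this example, not values from the thread.

```python
"""Retrospective queries over stored NetFlow-style records (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed sample export: start time, src, dst, proto, sport, dport,
# packets, bytes. Every value here is made up for the example; 10.1.2.30
# is written to show a regular, low-volume outbound pattern that an IDS
# with no matching signature would not have alerted on.
SAMPLE_FLOWS = """\
2005-08-25T17:58:01,10.1.2.30,203.0.113.7,6,51822,443,14,2310
2005-08-25T18:00:12,10.1.2.30,203.0.113.7,6,51830,443,16,2575
2005-08-25T18:02:20,10.1.2.30,203.0.113.7,6,51841,443,15,2440
2005-08-25T18:03:05,10.1.2.77,198.51.100.9,6,40211,80,120,98400
2005-08-25T18:04:40,10.1.2.30,203.0.113.7,6,51852,443,15,2460
2005-08-25T18:10:00,10.1.2.55,203.0.113.7,17,5353,53,2,180
2005-08-25T19:30:00,10.1.2.77,198.51.100.9,6,40300,80,90,70100
"""


def parse_flows(text):
    """Parse the constructed CSV layout into a list of flow dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, sport, dport, pkts, nbytes = line.split(",")
        flows.append({
            "start": datetime.fromisoformat(ts),
            "src": src, "dst": dst, "proto": int(proto),
            "sport": int(sport), "dport": int(dport),
            "packets": int(pkts), "bytes": int(nbytes),
        })
    return flows


def _to_dt(value):
    """Accept None, an ISO-8601 string, or a datetime for window bounds."""
    if value is None or isinstance(value, datetime):
        return value
    return datetime.fromisoformat(value)


def flows_with_peer(flows, peer, start=None, end=None):
    """Return every flow within [start, end] whose src or dst is `peer`."""
    start, end = _to_dt(start), _to_dt(end)
    out = []
    for f in flows:
        if peer not in (f["src"], f["dst"]):
            continue
        if start is not None and f["start"] < start:
            continue
        if end is not None and f["start"] > end:
            continue
        out.append(f)
    return out


def internal_hosts_talking_to(flows, peer, start=None, end=None):
    """Summarise, per local host, how many flows and bytes went to/from `peer`.

    This is the question an analyst asks once an address turns out to be
    hostile after the fact: who on our side talked to it, and how much?
    """
    summary = defaultdict(lambda: {"flows": 0, "bytes": 0})
    for f in flows_with_peer(flows, peer, start, end):
        local = f["src"] if f["dst"] == peer else f["dst"]
        summary[local]["flows"] += 1
        summary[local]["bytes"] += f["bytes"]
    return dict(summary)


def regular_intervals(flows, src, dst, tolerance_s=30):
    """Return (gaps_in_seconds, periodic) for flows from src to dst.

    `periodic` is True when there are at least two gaps and they all fall
    within `tolerance_s` of each other - a crude beaconing heuristic, only
    meaningful on stored history, which is exactly what NetFlow gives you.
    """
    times = sorted(f["start"] for f in flows
                   if f["src"] == src and f["dst"] == dst)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    periodic = len(gaps) >= 2 and (max(gaps) - min(gaps)) <= tolerance_s
    return gaps, periodic


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print(internal_hosts_talking_to(flows, "203.0.113.7",
                                    "2005-08-25T18:00:00", "2005-08-25T18:30:00"))
    print(regular_intervals(flows, "10.1.2.30", "203.0.113.7"))
```

The window bounds are plain ISO strings so an analyst can paste the time of an incident straight in; the same two queries (who talked to this peer, and was the contact regular) are the ones a real collector answers over millions of records, the difference being only storage and indexing, not the logic.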