[83896] in North American Network Operators' Group
Re: A useful oversimplification for network surveillance?
daemon@ATHENA.MIT.EDU (Nicolas FISCHBACH)
Tue Aug 30 18:56:37 2005
Date: Wed, 31 Aug 2005 00:56:09 +0200
From: Nicolas FISCHBACH <nicolist@securite.org>
To: "Howard C. Berkowitz" <hcb@gettcomm.com>
Cc: nanog@merit.edu
In-Reply-To: <p0623093bbf33906569d1@[192.168.0.2]>
Errors-To: owner-nanog@merit.edu
Howard C. Berkowitz wrote:
>
> I'm developing some guidance for ISP surveillance for infrastructure
> attacks, and my increasing impression is that for other than the expert
> level, there may be some useful simplifications of the applicability of
> tools. Remember that I am speaking of surveillance here, not the
> detailed analysis in a sinkhole. Perhaps this could be the basis of
> some security architecture presentations/tutorials at NANOG.
Have a look at these two presentations; the first covers most of the
items you listed, and the second one, while more enterprise-oriented, also
applies to large SP management networks.
"Building an Early Warning System in a Service Provider Network"
http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.ppt
http://www.securite.org/presentations/secip/BHEU2004-NF-SP-EWS-v11.zip (PDF)
"Network flows and Security"
http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.ppt
http://www.securite.org/presentations/secip/BHEU2005-NetflowSecurity-NF-v101.pdf
Nico.
--
Nicolas FISCHBACH (nico@securite.org) <http://www.securite.org/nico/>
Senior Manager - IP Engineering/Security - COLT Telecom
Securite.Org Team - http://www.securite.org/