|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: A useful oversimplification for network surveillance?
Howard,
I'd most certainly use an IDS (i.e. SNORT) for this instead of
netfow....
- ferg
-- "Howard C. Berkowitz" <hcb@gettcomm.com> wrote:
NetFlow is the key to analyzing traffic patterns outside the router,
looking for DDoS signatures when known, and for traffic anomalies that
may become DDoS.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg@netzero.net or fergdawg@sbcglobal.net
ferg's tech blog: http://fergdawg.blogspot.com/
|