This tutorial aims to cover the uses of NetFlow to monitor an SP' infrastructure, from the export, router-wise, to the collect and analysis, from a security perspective. While there is certainly a great deal of papers on the subject, there is room - and need, or so I hope - for a comprehensive coverage of NetFlow from theory to practical operations. The questions regularly popping-up in the operators' forums about NetFlow uses, as well as the lack of visibility most operators have regarding attacks against their infrastructure may be good testimonials to support such a tutorial.
Link to the presentation
