A useful oversimplification for network surveillance?
Howard C. Berkowitz
hcb at gettcomm.com
Thu Aug 25 15:47:56 UTC 2005

At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote:
>Howard,
>
>I'd most certainly use an IDS (i.e. SNORT) for this instead of
>netflow....

My concern is scalability, remembering I'm talking about the
surveillance level. My preliminary sense is that SNORT is great in a
sinkhole, but isn't as scalable as a reasonable NetFlow export.

>
>- ferg
>
>-- "Howard C. Berkowitz" <hcb at gettcomm.com> wrote:
>
> NetFlow is the key to analyzing traffic patterns outside the router,
> looking for DDoS signatures when known, and for traffic anomalies that
> may become DDoS.