A useful oversimplification for network surveillance?

sjk sjk at dredel.com
Thu Aug 25 16:15:23 UTC 2005


We use both -- NetFlow gives us trending data which helps us identify 
issues and patterns; Snort allows us to perform a deeper analysis -- I
don't think you could use one and not the other and have effective traffic 
inspection.


  On Thu, 25 Aug 2005, Florian Weimer wrote:

>
>> I'd most certainly use an IDS (i.e. SNORT) for this instead of
>> netflow....
>
> Could you provide a use case at the ISP level where an IDS is indeed
> superior to NetFlow data collection?
>
> (Take into account that ISPs typically see the effects of new malware
> well before the AV companies. 8-)
>

_____________________________________
sjk at cupacoffee.net
http://www.cupacoffee.net

No one can understand the truth until
he drinks of coffee's frothy goodness.
~Sheik Abd-al-Kadir



More information about the NANOG mailing list