|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: A useful oversimplification for network surveillance?
At 3:30 PM +0000 8/25/05, Fergie (Paul Ferguson) wrote: My concern is scalability, remembering I'm talking about the surveillance level. My preliminary sense is that SNORT is great in a sinkhole, but isn't as scalable as a reasonable NetFlow export.Howard, I'd most certainly use an IDS (i.e. SNORT) for this instead of netflow.... - ferg -- "Howard C. Berkowitz" <[email protected]> wrote: NetFlow is the key to analyzing traffic patterns outside the router, looking for DDoS signatures when known, and for traffic anomalies that may become DDoS.
|