North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: A useful oversimplification for network surveillance?

  • From: Florian Weimer
  • Date: Thu Aug 25 12:09:07 2005

> I'd most certainly use an IDS (i.e. SNORT) for this instead of
> netfow....

Could you provide a use case at the ISP level where an IDS is indeed
superior to NetFlow data collection?

(Take into account that ISPs typically see the effects of new malware
well before the AV companies. 8-)