[nsp] NetFlow and DoS attacks - tuning
Brian Turnbow
b.turnbow at twt.it
Thu Dec 18 09:09:34 EST 2003
flowscan helps, take a look on www.caida.org isn't exactly an anomoly
detection
program but it's free and creates top talker/listener reports that help
see where traffic flows come from and go to, and you can create
port/protocol
graphs to see what kind of traffic it is. There are several offshoots that
you can find
on sourceforge ect.
hope it helps
Brian
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Volodymyr
Yakovenko
Sent: mercoledì 17 dicembre 2003 22.34
To: Roland Dobbins
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] NetFlow and DoS attacks - tuning
On Wed, Dec 17, 2003 at 12:31:28AM -0800, Roland Dobbins wrote:
>Arbor Networks (http://www.arbornetworks.com) provide commercial
>anomaly-detection and traffic-analysis systems which make use of
>NetFlow quite effectively, in my experience. Specifically, Arbor
>Peakflow DoS is the anomaly-detection solution.
Yes, great product (according to Arbor Cisco is one of their customers :-),
and HUGE price.
Does anyone know any (cheaper) alternatives?
--
Regards,
Volodymyr.
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list