[nsp] NetFlow and DoS attacks - tuning
Volodymyr Yakovenko
vovik at dumpty.org
Fri Dec 19 10:48:43 EST 2003
On Fri, Dec 19, 2003 at 09:23:13AM +0000, neil at COLT.NET wrote:
>> Does anyone know any (cheaper) alternatives?
>
>Define cheaper? something that has a visible cost? or an invisible
>hidden cost? We use Arbor here and I have to say it's a very
>good product.
Dear Roland,
What I need is some tool to gather NetFlow statistics from our access
routers and perform the following:
1. Some kind of almost-real-time IDS for general Worms/DOS detection.
2. Flows history database for post incident investigations.
I also need something to query the flows history database for identifying
typical data patterns from one set of hosts to another set of hosts during
some period of time, with some kind of statistical analysis.
It looks like Arbor is able to do all of the above. However, the price of such
a solution can easily exceed the price of your routers.
Not all companies are as big as Cisco, international banks or oil companies.
--
Regards,
Volodymyr.