[nsp] NetFlow and DoS attacks - tuning

Volodymyr Yakovenko vovik at dumpty.org
Fri Dec 19 10:48:43 EST 2003


On Fri, Dec 19, 2003 at 09:23:13AM +0000, neil at COLT.NET wrote:
>> Does anyone know any (cheaper) alternatives?
>
>Define cheaper? something that has a visible cost? or an invisible
>hidden cost? We use Arbor here and I have to say it's a very
>good product.

Dear Roland,

 What I need is some tool to gather NetFlow statistics from our access
 routers and perform the following:

1. Some kind of almost-real-time IDS for general worm/DoS detection.
2. Flow history database for post-incident investigations.

 I also need something to query the flow history database to identify
 typical data patterns from one set of hosts to another set of hosts during
 some period of time, with some kind of statistical analysis.

 It looks like Arbor is able to do all of the above. However, the price of such
 a solution can easily exceed the price of your routers.

 Not all companies are as big as Cisco, international banks or oil companies.

-- 
Regards,
Volodymyr.
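
An added example, not part of the original post: the two requirements listed in the message (a flow history store queried by source set, destination set and time window, and a fan-out check for worm-like scanning) implemented over SQLite. The table layout, function names, sample flows and the fan-out threshold are assumptions constructed for illustration, and the code handles IPv4 only.

```python
import ipaddress
import sqlite3

# Constructed sample flows: (start_epoch, src, dst, dst_port, proto, packets, bytes)
SAMPLE_FLOWS = [
    (1000, "10.1.0.5", "192.0.2.10", 80, 6, 12, 9000),
    (1030, "10.1.0.5", "192.0.2.10", 80, 6, 8, 4000),
    (1060, "10.1.0.9", "192.0.2.20", 25, 6, 20, 15000),
    (1090, "10.2.0.7", "192.0.2.10", 80, 6, 5, 2000),  # source outside 10.1.0.0/24
    (5000, "10.1.0.5", "192.0.2.10", 80, 6, 3, 1000),  # outside the queried window
] + [  # one host touching 40 distinct addresses on TCP/135 (worm-like fan-out)
    (1100 + i, "10.1.0.66", f"198.51.100.{i}", 135, 6, 1, 48) for i in range(1, 41)
]

def ip2int(addr):
    return int(ipaddress.ip_address(addr))

def load(flows):
    # Hypothetical schema; addresses are stored as integers so CIDR sets become ranges.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE flows (ts INT, src INT, dst INT, dport INT, proto INT, pkts INT, bytes INT)")
    db.executemany("INSERT INTO flows VALUES (?,?,?,?,?,?,?)",
                   [(t, ip2int(s), ip2int(d), p, pr, pk, b) for t, s, d, p, pr, pk, b in flows])
    return db

def traffic_between(db, src_net, dst_net, t0, t1):
    # Per (src, dst, port) flow count, packets and bytes from one host set to another.
    s, d = ipaddress.ip_network(src_net), ipaddress.ip_network(dst_net)
    rows = db.execute(
        "SELECT src, dst, dport, COUNT(*), SUM(pkts), SUM(bytes) FROM flows "
        "WHERE ts BETWEEN ? AND ? AND src BETWEEN ? AND ? AND dst BETWEEN ? AND ? "
        "GROUP BY src, dst, dport ORDER BY SUM(bytes) DESC",
        (t0, t1, int(s.network_address), int(s.broadcast_address),
         int(d.network_address), int(d.broadcast_address)))
    return [(str(ipaddress.ip_address(a)), str(ipaddress.ip_address(b)), p, n, pk, by)
            for a, b, p, n, pk, by in rows]

def fanout_sources(db, t0, t1, min_dsts):
    # Sources contacting at least min_dsts distinct destinations on one port in the window.
    rows = db.execute(
        "SELECT src, dport, COUNT(DISTINCT dst) FROM flows WHERE ts BETWEEN ? AND ? "
        "GROUP BY src, dport HAVING COUNT(DISTINCT dst) >= ? "
        "ORDER BY COUNT(DISTINCT dst) DESC", (t0, t1, min_dsts))
    return [(str(ipaddress.ip_address(a)), p, n) for a, p, n in rows]

if __name__ == "__main__":
    db = load(SAMPLE_FLOWS)
    print(traffic_between(db, "10.1.0.0/24", "192.0.2.0/24", 900, 2000))
    print(fanout_sources(db, 900, 2000, min_dsts=20))
```
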


