[c-nsp] Netflow opensource analyzers for DDoS

Kim Onnel karim.adel at gmail.com
Sun Nov 14 10:51:39 EST 2004


Dear All,

I would like to monitor our ingress OC3 for DoS/DDoS attacks towards
our customers, in order to identify the Src/Dst of attacks and take
further action.

I have to mention that I am low on resources, so I cannot buy Cisco Guard
XT, for example, nor Arbor Peakflow.

All I have in hand is a cheap PC (Pentium 4 / 512 RAM / 120GB HDD) and my
choice of open-source OS and NetFlow analyzers.

Can anyone give me their 2 cents on their experience with a similar
setup? There are currently too many tools, but they're not DDoS
customized; however, one could use some intelligence and make use of them.

On my mind are a couple of questions:

- Where should the machine be located? <- as close as possible to
  the exporting router
- Sampling rate?
- FreeBSD or Debian?
- Any recommended NIC for the large volumes of data?

e.g.:
http://panoptis.sourceforge.net/
http://silktools.sourceforge.net/
ntop
cflowd+flow-tools
http://freshmeat.net/projects/glflow/
http://stager.uninett.no/

Kind Regards 
~Kim
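As an added illustration, not part of the original post and not code from any of the tools listed above, here is the kind of "intelligence" a small collector box could apply once a tool such as flow-tools has exported flow records to text: aggregate flows by destination, count distinct sources and sampling-corrected packet rate, and flag destinations whose source fan-in or packet volume jumps well above normal. The one-flow-per-line record format, the thresholds, the 1:100 sampling rate and the sample flows are all constructed assumptions for this example.

```python
"""Toy NetFlow-style DDoS heuristic: flag destinations with abnormal fan-in.

Added example, not from the original post. The record format below is a
constructed, simplified text export (one flow per line), not the exact
output of flow-print or cflowd; thresholds are illustrative assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Flow:
    src: str
    dst: str
    proto: int
    dport: int
    packets: int
    octets: int


def parse_flows(text: str) -> list[Flow]:
    """Parse lines of: src dst proto dport packets octets (comments with #)."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport, packets, octets = line.split()
        flows.append(Flow(src, dst, int(proto), int(dport), int(packets), int(octets)))
    return flows


def per_destination_stats(flows):
    """Aggregate by destination: distinct sources, packets, octets, avg packet size."""
    sources = defaultdict(set)
    packets = defaultdict(int)
    octets = defaultdict(int)
    for f in flows:
        sources[f.dst].add(f.src)
        packets[f.dst] += f.packets
        octets[f.dst] += f.octets
    return {
        dst: {
            "sources": len(sources[dst]),
            "packets": packets[dst],
            "octets": octets[dst],
            "avg_pkt_size": octets[dst] / packets[dst],
        }
        for dst in sources
    }


def flag_ddos_candidates(stats, window_seconds, sampling_rate=1,
                         min_sources=50, min_pps=10000):
    """Flag destinations whose fan-in or packet rate exceed thresholds.

    Sampled NetFlow (e.g. 1:100 on a busy link) undercounts, so packets are
    scaled by the sampling rate before comparing against a pps threshold.
    Many distinct sources plus a small average packet size is the classic
    flood signature; the thresholds here are assumed, not tuned values.
    """
    flagged = {}
    for dst, s in stats.items():
        pps = s["packets"] * sampling_rate / window_seconds
        reasons = []
        if s["sources"] >= min_sources:
            reasons.append(f"{s['sources']} distinct sources")
        if pps >= min_pps:
            reasons.append(f"{pps:.0f} pps (sampling-corrected)")
        if reasons and s["avg_pkt_size"] < 100:
            reasons.append(f"small packets (avg {s['avg_pkt_size']:.0f} B)")
        if reasons:
            flagged[dst] = reasons
    return flagged


def constructed_sample() -> str:
    """Constructed flow export: a normal web server and a flooded DNS target."""
    lines = ["# src dst proto dport packets octets"]
    for i in range(5):  # ordinary HTTP clients, 800-byte average packets
        lines.append(f"198.51.100.{i} 192.0.2.20 6 80 120 96000")
    for i in range(60):  # 60 sources, 200 sampled 40-byte packets each
        lines.append(f"203.0.113.{i} 192.0.2.10 17 53 200 8000")
    return "\n".join(lines)


if __name__ == "__main__":
    stats = per_destination_stats(parse_flows(constructed_sample()))
    # Assumed: a 60-second export window collected at 1:100 sampling
    for dst, why in flag_ddos_candidates(stats, 60, sampling_rate=100).items():
        print(dst, "->", "; ".join(why))
```

In practice the thresholds would be set from a baseline of the link's own traffic, and the packet-rate check is only meaningful once the exporter's actual sampling rate is plugged in, which is why the sampling-rate question in the post matters for any tool chosen.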

