[c-nsp] Netflow opensource analyzers for DDoS

Brian Feeny signal at shreve.net
Sun Nov 14 20:34:09 EST 2004


I am using Stager and liking it.  It's rather "new" but it's moving in a 
direction I like.
It may not suit your needs for DDoS, but it is an excellent netflow 
analyzer.

Brian

On Nov 14, 2004, at 9:51 AM, Kim Onnel wrote:

> Dear All,
>
> I would like to monitor our ingress OC3 for DoS/DDoS attacks towards
> our customers, in order to identify Src/Dst of attacks and take
> further action,
>
> Have to mention, I am low on resources, so I cannot buy Cisco guard
> TX for e.g. nor Arbor peakflow,
>
> All I have in hand is a cheap PC(Pentium4/512 RAM/120GB HDD) and my
> choice of opensource OS and Netflow analyzers,
>
> Can anyone give me their 2 cents on their experience with similar
> setup, there are currently too many tools, but they're not DDoS
> customized,
> however, one could use some intelligence and make use,
>
> On my mind are a couple of questions,
>
> -Like where should the machine be located < as close as possible to
> the exporting router
> -Sampling rate?
> -FreeBSD or Debian?
> -Any recommended NIC for the large volumes of data ?
>
> e.g.:
> http://panoptis.sourceforge.net/
> http://silktools.sourceforge.net/
> ntop
> cflowd+flow-tools
> http://freshmeat.net/projects/glflow/
> http://stager.uninett.no/
>
> Kind Regards
> ~Kim
---------------------------------------------
Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.
