[c-nsp] Open-source tools(Flow-tools,
Silktools..) for DDoS detection?
Sami Joseph
sami.joseph at gmail.com
Thu Mar 3 03:06:02 EST 2005
Hi everyone,
I'd like to corrected if i am wrong:
With 3 full OC3s of Internet and a 7600 as gateway, when the number of
pps goes up to 100-200kpps or bandwidth utilization hits the MRTG
roof, and routing protocols get dropped, there is nothing i can do to
stop such attacks, other than detecting the dst. IP and blackholing
it?
Has anyone used tools like flow-tools, silktools, ntop or other
open-source netflow collectors/analyzers to be able to detect the DDoS
src/dst of attacks, Not Arbor PeakFlow nor Stealthflow XE(Expensive..)
Will they do the job ?
Should i just Export from the gateway or its better to export from PE routers ?
More information about the cisco-nsp
mailing list