[c-nsp] Open-source tools(Flow-tools, Silktools..) for DDoS detection?

Brian Turnbow b.turnbow at twt.it
Thu Mar 3 07:08:50 EST 2005


I've used flow-tools and flowscan; the problem is that when a large attack comes and your flow files get huge, it takes a long time to process them. At that point you can either manually check the flows (or have a script do it for you) or wait :)
Regards
Brian
  

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Sami Joseph
Sent: Thursday 3 March 2005 9.06
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Open-source tools(Flow-tools,Silktools..) for DDoS detection?

Hi everyone,

I'd like to be corrected if I am wrong:

With 3 full OC3s of Internet and a 7600 as gateway, when the number of
pps goes up to 100-200kpps or bandwidth utilization hits the MRTG
roof, and routing protocols get dropped, there is nothing I can do to
stop such attacks, other than detecting the dst. IP and blackholing
it?

Has anyone used tools like flow-tools, silktools, ntop or other
open-source netflow collectors/analyzers to be able to detect the DDoS
src/dst of attacks, not Arbor PeakFlow nor Stealthflow XE (expensive...)?

Will they do the job?

Should I just export from the gateway, or is it better to export from PE routers?
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
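
An added example, not part of the original thread and not code from flow-tools: one way to have "a script do it for you" is a single streaming pass over exported flow records that flags destination IPs whose packet rate crosses a threshold, so the blackhole candidate is known without waiting on a full report run. The CSV column layout, the function name `find_targets`, the sample records and the thresholds are assumptions made for the illustration.

```python
import csv
from collections import defaultdict

# Constructed sample: flow records exported as CSV, one flow per line.
# Assumed column layout: start_unix_secs,srcaddr,dstaddr,packets,octets
SAMPLE = """\
#start_unix_secs,srcaddr,dstaddr,packets,octets
1109808000,192.0.2.11,203.0.113.10,2500000,100000000
1109808010,198.51.100.7,203.0.113.10,2500000,100000000
1109808030,192.0.2.99,203.0.113.10,2500000,100000000
1109808020,192.0.2.50,203.0.113.20,1200,900000
this,line,is,malformed
1109808070,192.0.2.50,203.0.113.20,800,600000
"""

SRC_CAP = 10000  # stop tracking sources past this, spoofed floods would exhaust memory


def find_targets(lines, bucket_secs=60, pps_threshold=100_000):
    """Return [(bucket_start, dst, avg_pps, distinct_sources)] above threshold.

    Simplification: all packets of a flow are counted in the bucket of the
    flow's start time. Reads the input once, so it can be fed from a pipe.
    """
    pkts = defaultdict(int)   # (bucket, dst) -> packets
    srcs = defaultdict(set)   # (bucket, dst) -> sources seen (capped)
    for row in csv.reader(lines):
        if not row or row[0].startswith("#"):
            continue
        try:
            ts, src, dst, packets = int(row[0]), row[1], row[2], int(row[3])
        except (ValueError, IndexError):
            continue  # skip malformed or truncated records
        key = (ts - ts % bucket_secs, dst)
        pkts[key] += packets
        if len(srcs[key]) < SRC_CAP:
            srcs[key].add(src)
    hits = [(b, d, n / bucket_secs, len(srcs[(b, d)]))
            for (b, d), n in pkts.items() if n / bucket_secs >= pps_threshold]
    return sorted(hits, key=lambda h: -h[2])  # highest packet rate first


if __name__ == "__main__":
    for bucket, dst, pps, nsrc in find_targets(SAMPLE.splitlines()):
        print(f"{bucket} dst={dst} avg_pps={pps:.0f} sources={nsrc}")
```
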


