[c-nsp] Open-source tools (Flow-tools, Silktools...) for DDoS detection?

Nitzan Tzelniker nitzan.tzelniker at gmail.com
Thu Mar 3 15:18:11 EST 2005


I use flow-tools for DDoS detection. I built a Perl script that
analyzes the CSV output from flow-tools based on the victim subnet, and
if it is over a configurable threshold it generates an SNMP trap to our NOC
and inserts the victim into our RiverHead Guard for protection.
It works for more than 1.5 Gbps of traffic from a GSR with a sampling rate of 1/10.
The only problem I can think of in your situation is the 7600, because
in my testing it lost a lot of flows.

Nitzan


On Thu, 3 Mar 2005 10:06:02 +0200, Sami Joseph <sami.joseph at gmail.com> wrote:
> Hi everyone,
> 
> I'd like to be corrected if I am wrong:
> 
> With 3 full OC3s of Internet and a 7600 as gateway, when the number of
> pps goes up to 100-200 kpps or bandwidth utilization hits the MRTG
> roof, and routing protocols get dropped, is there nothing I can do to
> stop such attacks other than detecting the dst. IP and blackholing
> it?
> 
> Has anyone used tools like flow-tools, silktools, ntop or other
> open-source netflow collectors/analyzers to be able to detect the DDoS
> src/dst of attacks, not Arbor PeakFlow nor Stealthflow XE (expensive...)?
> 
> Will they do the job?
> 
> Should I just export from the gateway, or is it better to export from PE routers?
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
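The threshold logic Nitzan describes (aggregate flow-tools CSV rows by protected subnet, scale the counters for 1/10 sampling, and raise an SNMP trap to the NOC when a destination crosses a configurable limit), as an added Python example rather than the original Perl script. The CSV column order, the sample rows, the NOC host name and the enterprise OID are assumptions, not values from the thread.

```python
"""Threshold-based DDoS victim detection over flow-tools CSV output.

Added example, not the poster's Perl script.  FIELDS below is an assumed
column layout; match it to the flow-export format you actually use.
"""
import csv
import ipaddress
from collections import defaultdict

FIELDS = ["srcaddr", "dstaddr", "srcport", "dstport", "prot", "dpkts", "doctets"]

# Constructed sample: one 60 s export from a router sampling flows 1:10.
SAMPLE_CSV = """\
198.51.100.7,192.0.2.10,1234,80,6,120000,9000000
203.0.113.9,192.0.2.10,4321,80,6,110000,8000000
203.0.113.44,192.0.2.11,5555,53,17,900,120000
198.51.100.8,192.0.2.77,40000,443,6,3000,2500000
"""

def aggregate_victims(csv_text, protected_nets, interval_s, sampling=1):
    """Return {dst_ip: (pps, bps)} for destinations inside protected_nets.
    Sampled exports carry only 1/sampling of the traffic, so the counters
    are scaled back up before being divided by the collection interval."""
    nets = [ipaddress.ip_network(n) for n in protected_nets]
    pkts, octs = defaultdict(int), defaultdict(int)
    for row in csv.DictReader(csv_text.splitlines(), fieldnames=FIELDS):
        dst = ipaddress.ip_address(row["dstaddr"])
        if any(dst in n for n in nets):
            pkts[str(dst)] += int(row["dpkts"]) * sampling
            octs[str(dst)] += int(row["doctets"]) * sampling
    return {ip: (pkts[ip] / interval_s, octs[ip] * 8 / interval_s) for ip in pkts}

def detect(csv_text, protected_nets, interval_s, pps_limit, bps_limit, sampling=1):
    """Return sorted [(victim_ip, pps, bps)] for hosts above either threshold."""
    rates = aggregate_victims(csv_text, protected_nets, interval_s, sampling)
    return sorted((ip, p, b) for ip, (p, b) in rates.items()
                  if p > pps_limit or b > bps_limit)

def trap_args(victim, pps, bps, noc_host="noc.example.net", community="public"):
    """net-snmp snmptrap argument list for the NOC alert (built, not run,
    so it can be logged or reviewed).  The enterprise OID is a placeholder."""
    oid = "1.3.6.1.4.1.99999.1"  # placeholder, not a registered enterprise arc
    return ["snmptrap", "-v", "2c", "-c", community, noc_host, "", oid,
            f"{oid}.1", "s", victim, f"{oid}.2", "u", str(int(pps)),
            f"{oid}.3", "u", str(int(bps))]

if __name__ == "__main__":
    for ip, pps, bps in detect(SAMPLE_CSV, ["192.0.2.0/24"], 60, 10_000, 100_000_000, 10):
        print(f"{ip}: {pps:.0f} pps, {bps:.0f} bps")
        print(" ".join(trap_args(ip, pps, bps)))
```

With the 1:10 sampling factor applied, only 192.0.2.10 crosses the 10 kpps limit in the sample; running the same rows with sampling=1 flags nothing, which is the under-counting you get if the export's sampling rate is not accounted for.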
