[c-nsp] Netflow Analyzers deployment experience
Jon Lewis
jlewis at lewis.org
Sun Sep 11 20:55:13 EDT 2005
On Sun, 11 Sep 2005, Sami Joseph wrote:
> I looked at stager, it has nice graphs, same for flow-tools +rrdtools,..
I installed stager, and it does make nice graphs, and can give you some
stats, like which IPs are the biggest sources or destinations of traffic,
but I haven't seen anything in it that would give you the sort of details
you need for tracking down the src/dest of a DoS or for instance, looking
at whether an IP on your network is an open proxy, or which remote IPs are
abusing that proxy. For all those things, I've been using flow-tools
(flow-cat, flow-filter, flow-nfilter, flow-print).
----------------------------------------------------------------------
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
More information about the cisco-nsp
mailing list