nanog mailing list archives
Re: A useful oversimplification for network surveillance?
From: Yann Berthier <yb () bashibuzuk net>
Date: Thu, 25 Aug 2005 18:30:23 +0200
On Thu, 25 Aug 2005, Fergie (Paul Ferguson) wrote:
> Actually, re-reading your original message, netflow would certainly be helpful in analysis, trending, etc. (along with something along the lines of MRTG) -- and IDS is only helpful after the fact, per se.
If I may add - NetFlow gives you the possibility to do network forensics on 'past' network events (for whatever meaning of past), even if your IDS has detected nothing. This is an important consideration.

I set up a mailing list, flowop, some time ago, to discuss NetFlow-related issues: analysis, deployment considerations, ... The goal is obviously not to divert traffic from the existing mailing lists focused on a particular collector / tool, but I felt that besides those specific lists, a 'generic' one was badly needed. I never took the time to advertise it, so the traffic is low (that is, null), but perhaps this is a good time to do so. I look forward to seeing many interesting discussions happening here.

Subscription information: http://www.csrrt.org.lu/mailman/listinfo/flowop

Thanks,

- yann