25 Aug 2005, 12:15 p.m.
We use both -- NetFlow gives us trending data which helps us identify issues and patterns, Snort allows us to perform a deeper analysis -- I don't think you could use one and not the other and have effective traffic inspection.

On Thu, 25 Aug 2005, Florian Weimer wrote:
I'd most certainly use an IDS (i.e. SNORT) for this instead of netflow....
Could you provide a use case at the ISP level where an IDS is indeed superior to NetFlow data collection?
(Take into account that ISPs typically see the effects of new malware well before the AV companies. 8-)
_____________________________________
sjk@cupacoffee.net
http://www.cupacoffee.net
No one can understand the truth until he drinks of coffee's frothy goodness. ~Sheik Abd-al-Kadir