
On Oct 8, 2014, at 10:24 PM, Paige Thompson <paigeadele@gmail.com> wrote:
> Re pp: 30-36 I think I catch your drift (i.e., using Cisco NetFlow to detect a SYN flood?) but would you care to summarize just in case because I am not this savvy, but would like to understand.

Yes, you can do that - there are plenty of open-source tools out there. But pay attention to the infrastructure and host BCPs in that preso, as well.

> Also in regards to Snort inline, I've been trying to figure out whether or not Snort/DAQ/NFQ (netfilter) is appropriate or not.

Yes, you can use it as a super-ACL. Beyond that, reverse-proxy caches are useful, as well, as noted in the cited historical email.

----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

Equo ne credite, Teucri.

-- Laocoön
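
The NetFlow-based SYN-flood detection asked about in this exchange, as an added example that is not part of the original email or of any tool or presentation it refers to. The CSV layout, the thresholds and the name `find_syn_floods` are assumptions; the flow records are constructed.

```python
import csv
import io
from collections import defaultdict

SYN = 0x02  # TCP SYN bit; a flow whose flags equal exactly this never sent an ACK

# Constructed sample (documentation addresses). Assumed CSV layout; tcp_flags is
# the cumulative OR of the TCP flags seen in the flow, as NetFlow v5 records it.
SAMPLE_FLOWS = (
    "src,dst,dport,proto,tcp_flags,packets\n"
    + "".join(f"203.0.113.{i},192.0.2.25,80,6,0x02,1\n" for i in range(1, 9))
    + "198.51.100.7,192.0.2.25,80,6,0x1b,12\n"
    + "198.51.100.7,192.0.2.80,443,6,0x1b,14\n"
    + "198.51.100.9,192.0.2.80,443,6,0x1b,9\n"
    + "198.51.100.12,192.0.2.80,443,6,0x02,1\n"
    + "198.51.100.7,192.0.2.53,53,17,0x00,1\n"
)


def find_syn_floods(flow_csv, min_flows=5, min_ratio=0.8):
    """Return one alert per (dst, dport) dominated by SYN-only TCP flows."""
    stats = defaultdict(lambda: {"tcp": 0, "syn_only": 0, "sources": set()})
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if int(row["proto"]) != 6:  # TCP only
            continue
        s = stats[(row["dst"], int(row["dport"]))]
        s["tcp"] += 1
        if int(row["tcp_flags"], 16) == SYN:
            s["syn_only"] += 1
            s["sources"].add(row["src"])
    alerts = []
    for (dst, dport), s in sorted(stats.items()):
        ratio = s["syn_only"] / s["tcp"]
        # Both thresholds are illustrative; tune them against a normal baseline.
        if s["syn_only"] >= min_flows and ratio >= min_ratio:
            alerts.append({"dst": dst, "dport": dport, "syn_only": s["syn_only"],
                           "sources": len(s["sources"]), "ratio": round(ratio, 2)})
    return alerts


if __name__ == "__main__":
    for alert in find_syn_floods(SAMPLE_FLOWS):
        print(alert)
```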