25 Aug
2005
25 Aug
'05
12:06 p.m.
I'd most certainly use an IDS (i.e. SNORT) for this instead of netfow....
Could you provide a use case at the ISP level where an IDS is indeed superior to NetFlow data collection? (Take into account that ISPs typically see the effects of new malware well before the AV companies. 8-)