Dear Mister Dobbins,

Thank you for your reply.
> Flow telemetry has demonstrated its extraordinary utility to network operators worldwide over the last decade, and continued advances such as Cisco's Flexible NetFlow and the IETF IPFIX/PSAMP effort signify that this is the broad consensus of the operational community.
What about Argus? [1]

[1] http://qosient.com/argus/
> Layer-7 attacks against various types of services/apps can achieve significant amplification effects and disproportionate impact, are increasing in frequency and impact, and therefore must be addressed by any operationally viable solution in this space.
> I believe that an effective and operationally useful open-source solution for basic DDoS detection/classification/traceback/mitigation can be implemented using existing widely-used and -understood tools/techniques as described here:
> <http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>
My partners and I are working on a Flow Based Security Awareness Framework for High-Speed Networks:
http://docs.google.com/viewer?url=http://www.vabo.cz/spi/2009/presentations/...

For a demo: http://demo.cognitivesecurity.cz/

I look forward to your answer,

Best Regards,

Guillaume FORTAINE

[1] https://tools.netsa.cert.org/wiki/download/attachments/10027010/Bullard_IntroductionToArgus.pdf?version=1&modificationDate=1263221338000