Howard, I'd most certainly use an IDS (i.e. SNORT) for this instead of netfow....
- ferg
-- "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
NetFlow is the key to analyzing traffic patterns outside the router,
looking for DDoS signatures when known, and for traffic anomalies that
may become DDoS.
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
