At 11:15 AM -0500 8/25/05, sjk wrote:
We use both -- NetFlow gives us trending data which helps us
identify issues and patterns, Snort allows us to perform a deeper
analysis -- I don't think you could use one and not the other and
have effective traffic inspection.
I think we are in agreement. Remember, I was dealing specifically
with surveillance. Surveillance and deeper analysis are complementary.
On Thu, 25 Aug 2005, Florian Weimer wrote:
I'd most certainly use an IDS (i.e. SNORT) for this instead of
netflow....
Could you provide a use case at the ISP level where an IDS is indeed
superior to NetFlow data collection?
(Take into account that ISPs typically see the effects of new malware
well before the AV companies. 8-)
_____________________________________
[EMAIL PROTECTED]
http://www.cupacoffee.net
No one can understand the truth until
he drinks of coffee's frothy goodness.
~Sheik Abd-al-Kadir
This .sig must be preserved. I go to refill my cup.
Has anyone ever quantified the relationship between available network
clue and available caffeine?