On 10/08/14 17:54, Roland Dobbins wrote:
> On Oct 8, 2014, at 9:43 PM, Paige Thompson <paigead...@gmail.com> wrote:
>
>> Any thoughts on this are appreciated,
> <http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>
>
> <https://app.box.com/s/e6hdt0iansu1sdb6m42t> pp. 30-36.
>
> ----------------------------------------------------------------------
> Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com>
>
> Equo ne credite, Teucri.
>
> -- Laocoön
>
Re pp. 30-36: I think I catch your drift (i.e., using Cisco NetFlow to detect a SYN flood?), but would you care to summarize just in case, because I am not this savvy but would like to understand.

Also, in regard to Snort inline, I've been trying to figure out whether or not Snort/DAQ/NFQ (netfilter) is appropriate. I cannot get this to work, but it seems like on a gateway, for example, where I have all of this iptables stuff, NFQ would be appropriate and would probably help with all of the false positives (3-way handshake and a couple of others) I see when trying to use the pcap driver (the only one that will work).