Date:      Thu, 9 Sep 2004 18:08:39 -0700
From:      Tim Spencer <tspencer@hungry.com>
To:        Andre Oppermann <andre@freebsd.org>
Cc:        net@freebsd.org
Subject:   Re: [TEST/REVIEW] Netflow implementation
Message-ID:  <F2D8E415-02C5-11D9-87A1-000A95C4EC66@hungry.com>
In-Reply-To: <4140B8DF.FB83435C@freebsd.org>
References:  <20040905121111.GA78276@cell.sick.ru> <4140834C.3000306@freebsd.org> <20040909171018.GA11540@cell.sick.ru> <414093DE.A6DC6E67@freebsd.org> <20040909194117.GB12168@cell.sick.ru> <4140B8DF.FB83435C@freebsd.org>

On Sep 9, 2004, at 1:11 PM, Andre Oppermann wrote:
> Just because you have to use Netflow on Cisco IOS doesn't mean you don't
> have (or can invent) better tools on FreeBSD.
>
	Netflow is really useful for auditing and forensics.  If you have it 
enabled for your routers, you can see who did what when, and how much 
they did it.  Thus, if you have a break-in, you can go back and see what 
IP addresses they came from, what places they pulled their tools down 
from, and where else they went afterwards.
	You can also look at the logs that are generated and scan for "scary" 
or "odd" traffic, and thus see trends of what people are doing in your 
network.  This allows you to get ahead of the curve and start thinking 
about what happens when everybody starts running that new VOIP thing 
that seems to send out millions of 64-byte packets or whatever.  It 
also allows you to look at what has been filling up your pipe over the 
past few days, and thus be able to give precise answers to management 
when they ask why things have been so slow recently.
	The CAIDA flow-tools stuff allows you to visualize a lot of this stuff 
easily, and there are a lot of other good tools that work with standard 
netflow data out there as well.  So believe me, netflow stuff is way 
cool!  The more we can support it, the better!

		-tspencer
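The two uses Tim describes above, reading off "who did what when" around one host after a break-in and spotting hosts that spray tiny packets, can be done directly on NetFlow v5 export records. The script below is an added illustration, not code from this thread or from the FreeBSD netflow implementation under review; the flow sample it parses is constructed inline (RFC 5737 test addresses), and the 64-byte / 1000-packet thresholds are arbitrary assumptions for the example.

```python
import socket
import struct
from collections import namedtuple

HEADER_FMT = "!HHIIIIBBH"                 # NetFlow v5 header, 24 bytes
RECORD_FMT = "!4s4s4sHHIIIIHHBBBBHHBBH"   # NetFlow v5 flow record, 48 bytes
Flow = namedtuple("Flow", "src dst packets octets first last sport dport proto")

def parse_v5(packet):
    """Decode one NetFlow v5 export datagram (header + `count` records) into Flows."""
    if len(packet) < 24:
        raise ValueError("short datagram")
    version, count = struct.unpack_from("!HH", packet, 0)
    if version != 5 or len(packet) < 24 + 48 * count:
        raise ValueError("not a complete NetFlow v5 datagram")
    flows = []
    for i in range(count):
        f = struct.unpack_from(RECORD_FMT, packet, 24 + 48 * i)
        # f[0]/f[1] addrs, f[5] dPkts, f[6] dOctets, f[7] First, f[8] Last, f[9]/f[10] ports, f[13] prot
        flows.append(Flow(socket.inet_ntoa(f[0]), socket.inet_ntoa(f[1]),
                          f[5], f[6], f[7], f[8], f[9], f[10], f[13]))
    return flows

def build_v5(records):
    """Pack (src, dst, pkts, octets, first, last, sport, dport, proto) tuples into
    a v5 datagram; constructed test input only, not a real router export."""
    body = b"".join(
        struct.pack(RECORD_FMT, socket.inet_aton(s), socket.inet_aton(d), b"\0" * 4,
                    0, 0, p, o, fi, la, sp, dp, 0, 0, pr, 0, 0, 0, 0, 0, 0)
        for s, d, p, o, fi, la, sp, dp, pr in records)
    return struct.pack(HEADER_FMT, 5, len(records), 0, 0, 0, 0, 0, 0, 0) + body

def timeline_for(flows, host):
    """Forensic pivot: every flow touching `host`, oldest first, so 'came from A,
    pulled tools from B, went on to C' can be read off in order."""
    return sorted((f for f in flows if host in (f.src, f.dst)), key=lambda f: f.first)

def tiny_packet_talkers(flows, max_avg=64, min_pkts=1000):
    """Sources sending floods of tiny packets (the '64-byte packets' pattern)."""
    return sorted({f.src for f in flows
                   if f.packets >= min_pkts and f.octets / f.packets <= max_avg})

# Constructed sample: a login from 198.51.100.7 to 10.0.0.5, which then fetches
# from 203.0.113.9 and connects on to 192.0.2.50; 10.0.0.77 sprays tiny UDP packets.
SAMPLE = build_v5([
    ("198.51.100.7", "10.0.0.5", 40, 3200, 1000, 1500, 40123, 22, 6),
    ("10.0.0.5", "203.0.113.9", 900, 1200000, 1600, 1700, 51000, 80, 6),
    ("10.0.0.5", "192.0.2.50", 12, 800, 1800, 1900, 51001, 22, 6),
    ("10.0.0.77", "10.0.0.200", 5000, 300000, 100, 2000, 5060, 5060, 17),
])
```

`timeline_for(parse_v5(SAMPLE), "10.0.0.5")` returns the three flows around the compromised host in time order, and `tiny_packet_talkers` returns `["10.0.0.77"]`.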


