[unisog] Cisco netflow and argus (was registering servers)

Rudolph Pereira rudolph at usyd.edu.au
Mon Jul 31 01:38:48 GMT 2006


On Sun, Jul 30, 2006 at 05:40:41PM -0700, Lucy E. Lynch wrote:
> looks like there is lots of 3rd party action - maybe you just need
> better tools? see:
> 
> http://www.projects.ncassr.org/sift/
> http://www.nanog.org/mtg-0602/pdf/yurcik.pdf
> 
> and
> 
> http://www.cert.org/flocon/
Thanks for the links, but while I've looked at some of the tools
mentioned, they don't address my original point, which is whether netflow
in its current implementation (on, for example, current Cisco
platforms) is usable for security work and, to a lesser extent, the traffic
analysis being discussed. For the record we're using nfsen/nfdump
with reasonable success, but I have no way to tell whether the flow
information coming from the routers is correct or complete (even to 90%
probability). If it is correct, then there's very little point to moving
to argus for us, and I suspect for most people who have netflow
infrastructure already set up - but there appears to me to be a constant
murmur of "netflow doesn't cut it" that I'd like to investigate.