Problems with flows

From: Tom Braun (tombraun_at_hotpop.com)
Date: 07/26/05 

Date: 25 Jul 2005 20:26:03 -0700

There seem to be many people who use netflow to monitor their network.
But the other day, I found this here, where someone is raising some
serious concerns about netflow:

   http://esphion.blogs.com/esphion/2005/07/more_problems_w.html

They are specifically talking about anomaly detection and are proposing
using a packet based solution instead.

What is the consensus or at least, what are the most popular opinions,
when it comes to netflow? Does this person have a point, or is this all
nonsense?

Tom

Relevant Pages

  • Re: Current state of Anomaly-based Intrusion Detection
    ... Extending the concept in a slightly different direction.. ... I fully agree, NetFlow has it's place, even if it only logs the metadata. ... detection" in network flows is to extend something like MSs LogParser ... > anomaly detection technology anywhere you have NetFlow capable ...
    (Focus-IDS)
  • RE: NetFlow for IDS
    ... Lancope - Security through Network Intelligence ... Subject: NetFlow for IDS ... MARS is not an NBAD product and should not ... > Find out quickly and easily by testing it with real-world attacks from ...
    (Focus-IDS)
  • RE: NetFlow for IDS
    ... One of the great thing about leveraging network flows is that you can ... of people who don't even know about flow technologies such as NetFlow ... Subject: NetFlow for IDS ...
    (Focus-IDS)
  • Re: NetFlow for IDS
    ... You can get Netflow, sFlow, RMON and MIBII with it. ... ATS - Advanced Telecom Systems S.p.A. ... Designing, Testing, Managing Network Quality ...
    (Focus-IDS)
  • Re: Problems with flows
    ... :There seem to be many people who use netflow to monitor their network. ... :using a packet based solution instead. ... to be much faster than a dedicated high-performance router in order ...
    (comp.security.misc)