[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

DDOS, IDS, RTBH, and Rate limiting

Subject: DDOS, IDS, RTBH, and Rate limiting
From: rob at esecuredata.com (Robert Duffy)
Date: Thu, 20 Nov 2014 19:00:49 -0800
In-reply-to: <CAK19Y1fzNdTRPKJQZsMZYjUWC61vtNrn3C2NnFEPyczucQxvkA@mail.gmail.com>
References: <CALgsdbdAZ=J9RsUd1U7kbconpVqmGyuEHZ5jOMtVK15c8aTEFA@mail.gmail.com> <[email protected]> <[email protected]> <[email protected]> <CAMY-7PqV8vdQu_M3=B2onVOdxnkz5taedVKTbXAj0Z+zgTGP_A@mail.gmail.com> <[email protected]> <CAK19Y1fzNdTRPKJQZsMZYjUWC61vtNrn3C2NnFEPyczucQxvkA@mail.gmail.com>

I've been using NTOP for couple of years.  I'm mostly looking for something
that can quickly detect DDoS attacks in a datacenter environment.  Thanks
for the suggestions.  I"ll check them out.

On Thu, Nov 20, 2014 at 6:50 PM, Tim Jackson <jackson.tim at gmail.com> wrote:

> I highly recommend pmacct and it's in-memory tables. Lightweight, easy to
> query and super fast.
>
> You can also easily run multiple aggregates of traffic to find what you are
> interested in, tag common interface types to easily filter traffic..
>
> Or you can use pmacct to insert this into whatever database you want, AMQP
> or MongoDB..
>
> My current favorite is using an IMT table for DoS detection and another for
> aggregates for interesting traffic types and querying this every X minutes
> and inserting it into ElasticSearch. Kibana makes the most powerful netflow
> dashboard ever.
>
> --
> Tim
> On Nov 20, 2014 6:39 PM, "Roland Dobbins" <rdobbins at arbor.net> wrote:
>
> >
> > On 21 Nov 2014, at 9:19, Robert Duffy wrote:
> >
> >  What open-source NetFlow analysis tools would you recommend for quickly
> >> detecting a DDoS attack?
> >>
> >
> > I generally recommend that folks get started with something like
> > nfdump/nfsen or ntop.  There are other, more sophisticated tools out
> there,
> > but these allow one to get up and running quickly, and to gain valuable
> > operational experience with which to evaluate more sophisticated tools,
> if
> > they're needed.
> >
> > -----------------------------------
> > Roland Dobbins <rdobbins at arbor.net>
> >
>

-- 
Regards,
Rob
------------------------------------------------------------
--------------------
Robert Duffy
eSecureData.com Inc.
1478 Hartley Ave.
Coquitlam, BC V3K 7A1
T: (800) 620-1985
F: (800) 620-1986

This communication is intended for the use of the recipient to which it is
addressed, and may contain confidential, personal and or privileged
information. Please contact the sender immediately if you are not the
intended recipient of this communication, and do not copy, distribute, or
take action relying on the contents herein. Any communication received in
error, or subsequent reply, should be deleted or destroyed.

Follow-Ups:
- DDOS, IDS, RTBH, and Rate limiting
  - From: contact at winterei.se (Paul S.)

References:
- DDOS, IDS, RTBH, and Rate limiting
  - From: pavel.odintsov at gmail.com (Pavel Odintsov)
- DDOS, IDS, RTBH, and Rate limiting
  - From: rdobbins at arbor.net (Roland Dobbins)
- DDOS, IDS, RTBH, and Rate limiting
  - From: denys at visp.net.lb (Denys Fedoryshchenko)
- DDOS, IDS, RTBH, and Rate limiting
  - From: rdobbins at arbor.net (Roland Dobbins)
- DDOS, IDS, RTBH, and Rate limiting
  - From: rob at esecuredata.com (Robert Duffy)
- DDOS, IDS, RTBH, and Rate limiting
  - From: rdobbins at arbor.net (Roland Dobbins)
- DDOS, IDS, RTBH, and Rate limiting
  - From: jackson.tim at gmail.com (Tim Jackson)

Prev by Date: Clueful Jive Communications Contact?
Next by Date: DDOS, IDS, RTBH, and Rate limiting
Previous by thread: DDOS, IDS, RTBH, and Rate limiting
Next by thread: DDOS, IDS, RTBH, and Rate limiting
Index(es):
- Date
- Thread