[Discussion] Features suggestion

Jeremy Hewlett jh at dok.org
Fri Nov 7 21:31:41 UTC 2008


On Fri, Nov 07, 2008 at 13:22:11 -0500, Jason Lewis wrote:
> devices for the end goal of preventing network attacks?  Instead of
> building a tool that stores netflow, how about a tool that can control
> devices that already collect netflow and use that data in a smarter way?

I've been using IDS with IPaudit/IPaudit-web* with reasonable success in
tracking (potentially) compromised hosts. The graphs also give a quick
overview of host and traffic conditions (caught quite a few p2p users and
worm outbreaks with the graphs alone).

*http://ipaudit.sourceforge.net/ipaudit-web/


