On Oct 8, 2014, at 10:24 PM, Paige Thompson <paigead...@gmail.com> wrote:
> Re pp: 30-36 I think I catch your drift (ie: using cisco netflow to detect a > synflood?) but would you care to summarize just in case because > I am not this savvy, but would like to understand. Yes, you can do that - there are plenty of open-source tools out there. But pay attention to the infrastructure and host BCPs in that preso, as well. > Also in regards to snort inline, I've been trying to figure out whether or > not Snort/DAQ/NFQ (netfilter) is appropriate or not. Yes, you can use it as a super-ACL. Beyond that, reverse-proxy caches are useful, as well, as noted in the cited historical email. ---------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> Equo ne credite, Teucri. -- Laocoön
