Dear Mister Dobbins,
Thank you for your reply.
> Flow telemetry has demonstrated its extraordinary utility to network operators
> worldwide over the last decade, and continued advances such as Cisco's Flexible
> NetFlow and the IETF IPFIX/PSAMP effort signify that this is the broad
> consensus of the operational community.
What about Argus? [1]
http://qosient.com/argus/
> Layer-7 attacks against various types of services/apps can achieve significant
> amplification effects and disproportionate impact, are increasing in frequency
> and impact, and therefore must be addressed by any operationally viable
> solution in this space.
https://www.dpacket.org/
> I believe that an effective and operationally useful open-source solution for
> basic DDoS detection/classification/traceback/mitigation can be implemented
> using existing widely-used and -understood tools/techniques as described here:
> <http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html>
My partners and I are working on a Flow Based Security Awareness
Framework for High-Speed Networks.
http://docs.google.com/viewer?url=http://www.vabo.cz/spi/2009/presentations/03/02-celeda_rehak_CAMNEP_no_video.pdf
For a demo:
http://demo.cognitivesecurity.cz/
I look forward to your answer,
Best Regards,
Guillaume FORTAINE
[1]
https://tools.netsa.cert.org/wiki/download/attachments/10027010/Bullard_IntroductionToArgus.pdf?version=1&modificationDate=1263221338000
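As an added illustration of the flow-telemetry based DDoS detection/classification the thread discusses (this is example code written for this page, not code from the mail, from Argus, from CAMNEP or from the NANOG post linked above), the script below walks over constructed NetFlow/IPFIX-style records, flags destinations receiving many-to-one volume, and pairs each flow with its reverse twin to surface the response/request octet ratio that characterises reflection/amplification. The record fields, thresholds, addresses (RFC 5737 documentation ranges) and counters are all assumptions made up for the example.

```python
"""Flow-telemetry based DDoS triage over constructed NetFlow/IPFIX-style records.

Added example for this thread, not code from the original mail or from any of
the projects linked in it. All addresses, ports and counters below are
constructed sample data (RFC 5737 documentation ranges), not real telemetry.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record, using the fields that NetFlow v5/v9,
    IPFIX and Argus exporters all provide (names are this example's own)."""
    src: str
    dst: str
    proto: int      # 6 = TCP, 17 = UDP
    sport: int
    dport: int
    packets: int
    octets: int


# Constructed sample: one benign HTTPS session plus a UDP/53 reflection pattern
# in which spoofed 60-byte queries "from" the victim 192.0.2.7 draw 3000-byte
# responses from five open resolvers.
SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 6, 51000, 443, 20, 4000),
    Flow("203.0.113.10", "10.0.0.5", 6, 443, 51000, 18, 9000),
]
for i in range(1, 6):
    reflector = f"198.51.100.{i}"
    SAMPLE_FLOWS.append(Flow("192.0.2.7", reflector, 17, 40000, 53, 10, 600))
    SAMPLE_FLOWS.append(Flow(reflector, "192.0.2.7", 17, 53, 40000, 10, 30000))


def aggregate_by_dst(flows):
    """Per-destination octet/packet totals and the set of distinct sources."""
    agg = defaultdict(lambda: {"octets": 0, "packets": 0, "sources": set()})
    for f in flows:
        entry = agg[f.dst]
        entry["octets"] += f.octets
        entry["packets"] += f.packets
        entry["sources"].add(f.src)
    return dict(agg)


def detect_volumetric(flows, min_sources=3, min_octets=100_000):
    """Destinations receiving at least min_octets from at least min_sources
    distinct sources in this export window: the classic many-to-one signature.
    Returns a list of (dst, octets, source_count), largest first."""
    hits = []
    for dst, e in aggregate_by_dst(flows).items():
        if e["octets"] >= min_octets and len(e["sources"]) >= min_sources:
            hits.append((dst, e["octets"], len(e["sources"])))
    return sorted(hits, key=lambda h: h[1], reverse=True)


def suspect_amplification(flows, min_ratio=10.0):
    """Pair each flow with its reverse-direction twin and report the
    (requester, responder, service port, ratio) tuples whose response/request
    octet ratio is at least min_ratio. A large ratio toward an address that
    also shows up in detect_volumetric() is the reflection case: the responder
    addresses are the reflectors whose operators should be notified, and the
    requester address is the spoofed victim, not the attacker."""
    by_key = {(f.src, f.dst, f.proto, f.sport, f.dport): f for f in flows}
    suspects = []
    for (src, dst, proto, sport, dport), fwd in by_key.items():
        rev = by_key.get((dst, src, proto, dport, sport))
        if rev is None or fwd.octets == 0:
            continue
        ratio = rev.octets / fwd.octets
        if ratio >= min_ratio:
            suspects.append((src, dst, dport, round(ratio, 2)))
    return sorted(suspects)


if __name__ == "__main__":
    for dst, octets, n in detect_volumetric(SAMPLE_FLOWS):
        print(f"volumetric: {dst} received {octets} octets from {n} sources")
    for req, resp, port, ratio in suspect_amplification(SAMPLE_FLOWS):
        print(f"amplification: {resp}:{port} -> {req} ratio {ratio}x")
```

On the sample, the victim 192.0.2.7 is the only destination that clears both the octet and the distinct-source thresholds, and each resolver pair shows a 50x response/request ratio while the benign HTTPS session sits at 2.25x. In production the same two passes run per export window on sampled flows, so thresholds must be scaled by the sampling rate, and the responder list feeds the traceback/notification step rather than any blocking of the (spoofed) requester address.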