Yes, I've crushed a MARS 110 unit with netflow data from around 200
devices.Cisco recommended we switch to a dedicated netflow collector
and then feed the consolidated sessions into MARS rather then have MARS
directly take all the raw netflows (ie layer3 switch flow and router
flow having
Personally, if cost isn't an issue and you're expecting to sink high
volume of traffic, I'd suggest that you go for Peakflow SP together
with TMS (It's still ranked as one of the better ones among the rest).
Else the ADM + AGM should work well enough. Generally for the MARS
boxes, I'd
Hi,
We have a deployed Riverhead/Cisco Guard + Detector platform, that I've been
working reasonably closely with over the last 6-9 months. We run the appliances,
rather than the 6500/7600 modules, and are pretty happy with how they function.
I think that the major issue with this platform right
On Sun, Mar 15, 2009 at 10:54 AM, Drew Weaver drew.wea...@thenap.comwrote:
Does anyone here have any real world experience with Cisco Guard or other
products such as Arbor's Peakflow that they can share?
If you've tried multiple systems and ended up with a specific one, please
share the
MARS really isn't positioned to be a Netflow anomaly detection with the
likes of Arbor and others previously mentioned. It's simply a feature that's
in there to help bring into perspective of what's going on with your Cisco
infrastructure from a threat perspective. And I would definitely be
Hi,
Does anyone here have any real world experience with Cisco Guard or other
products such as Arbor's Peakflow that they can share?
If you've tried multiple systems and ended up with a specific one, please share
the reasoning behind it.
Also, without a dedicated DDoS system deployed, what is
On Mar 15, 2009, at 11:54 PM, Drew Weaver wrote:
Also, without a dedicated DDoS system deployed, what is the most
reliable/fastest way to determine the destination(s) of the attacks
(SNMP, NetFlow, etc)?
With or without a dedicated DDoS mitigation system, NetFlow-based
anomaly-detection
On Mar 16, 2009, at 12:39 AM, Roland Dobbins wrote:
Arbor Peakflow SP, Narus Insight Manager, and Lancope StealthWatch
Xe are three commercial NetFlow-based anomaly-detection systems.
I forgot to add Q1 Labs Q1Radar, and I believe NetQoS now have an
anomaly-detection module, as well,
Searching for netflow ids
(
http://www.google.com/search?q=netflow+idsie=utf-8oe=utf-8aq=trls=org.mozilla:en-US:officialclient=firefox-a)
returns some very interesting results.
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
Roland Dobbins wrote:
On Mar 15, 2009, at 11:54 PM, Drew Weaver wrote:
Also, without a dedicated DDoS system deployed, what is the most
reliable/fastest way to determine the destination(s) of the attacks
(SNMP, NetFlow, etc)?
With or without a dedicated DDoS mitigation system,
Roland Dobbins wrote:
On Mar 16, 2009, at 12:39 AM, Roland Dobbins wrote:
Arbor Peakflow SP, Narus Insight Manager, and Lancope StealthWatch Xe
are three commercial NetFlow-based anomaly-detection systems.
I forgot to add Q1 Labs Q1Radar, and I believe NetQoS now have an
anomaly-detection
On Mar 16, 2009, at 8:03 AM, Justin Shore wrote:
Would its Netflow abilities be useful here?
As with any tool, it's a good idea to test and compare in order to
ensure one's requirements are met.
---
Roland Dobbins
12 matches
Mail list logo