2006.02.14 talk 2 Netflow tools
Bill Yurcik
byurcik at ncsa.uiuc.edu
NVisionIP and VisFlowConnect-IP
probably a dozen tools out there, this is just
two of them. Consensus is there's something to
this.
They're an edge network, comes into ISP domain,
their tools are used by entities with many
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
thanks for taking notes.
comments in-line:
Matthew Petach wrote:
2006.02.14 talk 2 Netflow tools
Bill Yurcik
byurcik at ncsa.uiuc.edu
NVisionIP and VisFlowConnect-IP
probably a dozen tools out there, this is just
two of them. Consensus
Roland Dobbins - that's me asking about the time intervals for the
bins and the TCP flags stuff.
Note that 5-minute bins may not always be optimal for opsec - 5
minutes minimum to see something happening and then 5 minutes to see
if your mitigation action was effective is a long