[AusNOG] What tool shows this?

James Braunegg james.braunegg at micron21.com
Sat Feb 15 21:05:02 EST 2014


Dear Jimmy

I feel your pain in identifying and quickly finding abnormal traffic; this is what I live and breathe almost every day!

Winding back the clock say 4 or years ago, I remember trying lots of software and evaluating lots of options with one goal in mind: find attack traffic and quickly identify the source and destination along with the protocol in near real time, enabling us to lower the time it took to deal with threats. Relying on SNMP data for this purpose was useless.

In the end we chose ManageEngine Netflow Analyzer, which provided a fantastic starting point for us in providing real time visibility. Whilst nowadays we use NSFOCUS hardware mainly for DDoS detection and mitigation, we still to this day use ManageEngine Netflow Analyzer within our NOC!

A very old case study of mine can be found here - http://micron21.com/ddos-netflow.php

Whilst the software is commercial I believe it's still very well priced, and the free version from memory supports a single interface for free!

Back in the day the software developers were very helpful in helping create custom modifications, building new features and functions for us, so well worth in my eyes checking it out!

Kindest Regards

James Braunegg
P: 1300 769 972 | M: 0488 997 207 | D: (03) 9751 7616
E: james.braunegg at micron21.com | ABN: 12 109 977 666
W: www.micron21.com/ddos-protection | T: @micron21



From: AusNOG [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Jimmy
Sent: Saturday, February 15, 2014 3:28 PM
To: ausnog at lists.ausnog.net
Subject: [AusNOG] What tool shows this?

I wonder what network monitoring tool is this? [Inline images 1]

Also what is a good network monitoring tool (open source preferred) that collects netflow data and can easily show a current traffic anomaly e.g. a ddos attack quickly and succinctly? The primary goal is to help me identify the traffic anomaly, if there's a certain IP address being targeted, etc.

I am currently using ntop but I find it a little cumbersome and slow, although it's helpful, but it isn't giving me a nice output like the above.

Thanks!

Jimmy