
Security Applications of cflowd
Wrapping Up

    Router de-encapsulation of network and transport layer headers, NetFlow export, and cflowd collection simplify monitoring of OC-3 links.
    • However, no access to application-layer data is available (good or bad, depending on how you look at it).

    Detection of sparse, long-duration network and host scans is enabled by long-term database archiving and data mining of raw cflowd data.

    Site traffic profiling and anomaly detection.

    Next-hop router data enables tracing of link-layer forged-source denial-of-service attacks.
    • However, inter-realm trust-management capabilities are needed for inter-AS tracing.