Security Applications of cflowd
Wrapping Up
Router de-encapsulation of network and transport layer headers,
NetFlow export, and cflowd collection simplify monitoring of
OC-3 links.
- However, no access to the application layer is available (good or bad,
depending on how you look at it).
Detection of sparse, long-duration network and host scans is
enabled by long-term database archiving and datamining of
raw cflowd data.
Site traffic profiling and anomaly detection.
Next-hop router data enables tracing link layer forged-source
denial-of-service attacks.
- However, inter-realm trust management capabilities are needed for
inter-AS tracing.
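
The slow-scan point above, as an added example that is not part of the original slides: mining an archive of flow records for sources that touch many distinct targets over several days at a very low rate. The record layout `(time, src, dst, dst_port)`, the thresholds, and the sample flows are constructed assumptions, not the cflowd raw format.

```python
from collections import defaultdict

DAY = 86400  # seconds

def build_sample_flows():
    """Constructed flow records: (unix_time, src_ip, dst_ip, dst_port)."""
    flows = []
    # Slow scanner: one probe to a new host every 6 hours for about 10 days.
    for i in range(40):
        flows.append((i * 6 * 3600, "192.0.2.77", f"198.51.100.{i + 1}", 23))
    # Busy but ordinary client: many flows to only three servers.
    for i in range(500):
        flows.append((i * 1700, "192.0.2.10", f"198.51.100.{200 + i % 3}", 80))
    # Short burst: five hosts contacted within one hour.
    for i in range(5):
        flows.append((3 * DAY + i * 600, "192.0.2.20", f"198.51.100.{100 + i}", 443))
    return flows

def find_slow_scans(flows, min_targets=20, min_span_days=3, max_flows_per_target=2):
    """Return {src: (distinct_targets, span_days)} for sources that reach many
    distinct (dst, port) pairs, spread over a long period, with few flows each."""
    per_src = defaultdict(lambda: {"targets": defaultdict(int), "first": None, "last": None})
    for ts, src, dst, dport in flows:
        s = per_src[src]
        s["targets"][(dst, dport)] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
    hits = {}
    for src, s in per_src.items():
        n = len(s["targets"])
        span_days = (s["last"] - s["first"]) / DAY
        avg_flows = sum(s["targets"].values()) / n
        if n >= min_targets and span_days >= min_span_days and avg_flows <= max_flows_per_target:
            hits[src] = (n, round(span_days, 2))
    return hits

if __name__ == "__main__":
    flows = build_sample_flows()
    # Over the whole archive the scanner stands out.
    for src, (n, span) in find_slow_scans(flows).items():
        print(f"{src}: {n} distinct targets over {span} days")
    # Over a single day of data the same source stays under the threshold.
    first_day = [f for f in flows if f[0] < DAY]
    print("one-day view:", find_slow_scans(first_day, min_span_days=0))
```

The one-day view returns nothing because the scanner touches only four hosts per day; the pattern is visible only when the full archive is queried.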