Using NetFlow to tell if your network is part of a botnet, Part 1

Posted in IT News, NetFlow, NetFlow Analyzer, Network Traffic Monitor, Security on August 12th, 2009 by NewsTrax
Using NetFlow to tell if your network is part of a botnet, Part 1

Distributed denial of service (DDoS) attacks are unfortunately par for the course on the Internet these days but when high-profile sites are targeted, the attacks are big news. Take for example last week’s DDoS attack on Twitter, which the microblogging site speculated was geopolitical in motivation.

Quick overview of DDoS

DDoS attacks are often caused by botnets flooding Web sites with requests thus bringing the site’s Web servers to their robotknees. A botnet is a collection of computers that have been compromised by viruses and worms so that they can be controlled by malicious individual(s). An example could be the collection of computers compromised by Conficker, however a Conficker botnet has yet to be leveraged to do harm.

In the case of Twitter, the irony is that it could have been the compromised computers of some of Twitter’s own users that caused the DDoS. Read more »

Tags: , , , , , , , , , , , ,

1 Comment »

Network security: Cisco NetFlow watching for strange behavior on your network

Posted in NetFlow, Scrutinizer, Security on March 20th, 2009 by mike@plixer.com
Network security: Cisco NetFlow watching for strange behavior on your network

After reviewing the SANS Top-20 2007 Security Risks, I started asking myself and the rest of our security team how the behavior analysis features of Flow Analytics accurately detects such Internet threats. This is especially important as these concerns are constantly changing making it difficult to stay on top of topics such as the latest on Conficker.

Network Security

Back to security basics
We decided to go back and answer the question “What is computer security?”. We pretty much agreed that it is the unauthorized use – even if only attempted – of any computer. We then asked “How do we assist companies in this area?”. We all agreed that our solution detects problems that have already gotten past traditional security practices such as antivirus software on desktops, firewalls and intrusion detection systems.

Who is watching for strange behaviors?
I think everyone would agree that infected machines will make it onto the network. Our goal is to detect, flag and even stop host behaviors that could cause problems locally or for other hosts on the network.

Related read: Downadup/Conficker Worm caught by using Flow Analytics, NetFlow Analyzer

Michael Patterson
Founder and CEO

For a free 30 day trial of Scrutinizer, Download Now!

Sign up for Advanced NetFlow Training™ coming to a city near you!

Tags: , , , , , , ,

Leave A Comment »