Working in technical support I get asked a lot, “I enabled NetFlow on my router, why don’t I see outbound traffic?” This is because NetFlow version 5 only supports ingress flow monitoring and they don’t have NetFlow enabled on all interfaces. In NetFlow v5 outbound traffic is calculated by the idea what goes in must go out (or stop at the router) so, it’s necessary that all interfaces are monitoring ingress traffic to get an accurate representation of outgoing traffic. So, if ingress monitoring has been working great all along why enable egress monitoring?

Read more »

This is the final part in a two-part blog series on using Cisco NetFlow to identify if your network is part of a botnet. Part 1 gave a quick overview of distributed denial of service (DDoS) attacks and how they’re often caused by botnets flooding Web sites with requests, thus making the Web site inaccessible to others.

It’s not just home computers that could be part of botnets. Any work computer could be compromised if users unwittingly download malware or visit malicious Web sites, putting corporate networks at risk.  How can Cisco NetFlow be used to identify DDoS attacks?
Read more »