I’ve been working with a service provider that deploys ASR1006 routers at his ISP’s internet edge. They use private IP addressing which is NATed at the internet edge network. This allows scaling of IP addressing such that if they ever have more subscribers than available public IP address space they are not limited. The problem that this presents is that his country has regulations where government authorities ask that ISPs identify a subscriber based on IP address and time provided by authorities to the ISP. So he needed some reporting that would provide this visibility.
This is a follow-up to Michael Patterson’s blog last month regarding Cisco ASA v8.4(5) support for bidirectional NetFlow exports.
Our IPFIX and NetFlow Analyzer is the only NetFlow solution that supports the new bidirectional flows exported by the Cisco ASA.
This Cisco ASA update makes network traffic monitoring more accurate because the prior NetFlow export added the bytes between two hosts into one Octet Total Counter.
This is part #1 of a two-part series on detecting P2P botnets with NetFlow. For years botnets such as Zeus and Spyeye made use of a centralized command and control (“C2”) server. This approach to botnet management was easily detectable using reputation services and other black-listing technology. While many botnets still use a traditional C2, a new breed of botnet has emerged that removes the need for a C2. These botnets make use of peer-to-peer technology to download configuration data and commands as well as obtaining the C2 IP to upload stolen information to the attacker. In part #1 of this blog series we’ll explore how P2P botnets work, then cover detection and mitigation of P2P botnets in part #2.
The other day a customer called in asking about Ericsson SmartEdge NetFlow support; I had never heard of it. I opened another browser tab and started searching on Ericsson NetFlow Support. I found that back in July of 2009, Glen Hunt of Current Analysis did a study comparing the Ericsson NetFlow switch to Cisco, Juniper and other vendors.
Our network security solution is a leader in cutting-edge NetFlow collection innovation; here are the top 13 features you should know about:
- Chosen by Cisco to support their most innovative Flexible NetFlow technologies. The “Medianet 2.2 Deployment Guide” can be found on pages 7, 8, 10 & 11. We were the first to support Cisco Performance Monitoring (PfR) FnF exports, which help ensure that business-related traffic receives priority.