1
0
mirror of https://github.com/pavel-odintsov/fastnetmon synced 2024-11-23 17:32:59 +01:00
fastnetmon-rewritten/NETFLOW_DISADVANTAGES.md
2014-11-22 17:17:26 +04:00

401 B

Why netflow is not an best solution for DoS/DDoS attack detection?

  • It need additional licenses or even hardware (Juniper MX240, MX480, MX960 - additional license)
  • It realized in software and can overload equipment (Juniper SRX, J-series, Microtic, VmWare, Linux)
  • Even on top equipment flow-active-timeout starts from 60 seconds and it's very slow for massive attacks and slow-speed-attacks both