168.5.161 01 0000 0000 423K
Additionally, NetFlow data can be exported from the NetFlow cache to an external collector for further analysis
and can be used to map and identify the nodes under attack and also to determine the attack characteristics. To
export NetFlow data, use the ip flow-export global configuration command.
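
The collector-side analysis described above, as an added example that is not from the original text: it parses a NetFlow version 5 export datagram and lists destinations receiving flows from many distinct sources. It assumes the exporter sends version 5; the min_sources threshold, the function names, and the sample datagram are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return a list of flow dicts from one NetFlow v5 export datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("short datagram")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("truncated: header count exceeds payload")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "pkts": f[5], "octets": f[6], "dport": f[10],
                      "tcp_flags": f[12], "proto": f[13]})
    return flows

def suspected_targets(flows, min_sources=3):
    """Destinations hit by >= min_sources distinct sources (threshold is an assumption)."""
    stats = defaultdict(lambda: {"srcs": set(), "pkts": 0, "octets": 0, "syn_only": 0})
    for fl in flows:
        s = stats[fl["dst"]]
        s["srcs"].add(fl["src"])
        s["pkts"] += fl["pkts"]
        s["octets"] += fl["octets"]
        if fl["proto"] == 6 and fl["tcp_flags"] == 0x02:  # TCP flow that saw only SYN
            s["syn_only"] += 1
    return {dst: {"sources": len(s["srcs"]), "pkts": s["pkts"], "octets": s["octets"],
                  "syn_only": s["syn_only"]}
            for dst, s in stats.items() if len(s["srcs"]) >= min_sources}

def build_sample():
    """Constructed datagram: four sources send SYN-only flows to one host, plus one normal flow."""
    recs = [("198.51.100.%d" % n, "192.0.2.10", 1, 40, 80, 0x02) for n in range(1, 5)]
    recs.append(("203.0.113.5", "192.0.2.20", 12, 9000, 443, 0x1B))
    body = b"".join(
        RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4), 1, 2,
                    pkts, octets, 0, 0, 40000, dport, 0, flags, 6, 0, 0, 0, 0, 0, 0)
        for src, dst, pkts, octets, dport, flags in recs)
    return HEADER.pack(5, len(recs), 0, 0, 0, 0, 0, 0, 0) + body
```

Calling suspected_targets(parse_v5(build_sample())) reports only 192.0.2.10, with its source count, packet and byte totals, and the number of SYN-only flows.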
NetFlow Ecosystem
Cisco has developed a robust ecosystem of NetFlow partners that have developed value-added functionality and
reporting specialties, including accounting, traffic analysis, security, billing, network planning, and network
monitoring. Many freeware tools are available that can analyze NetFlow data, including cflowd, flow-tools, and
autofocus. Several GUI-based applications are available, such as Arbor, Mazu, and Adlex, which leverage
NetFlow data for DoS attack detection and centralized reporting. Threat correlation tools such as Panoptis, used
for anomaly detection, also take advantage of NetFlow data to detect, characterize, and mitigate DoS attacks.
Mitigation Techniques at Layer 2
One of the biggest challenges in securing the network is the OSI Layer 2, the data-link layer. The OSI reference
model was built to allow different layers to work without the knowledge of each other.