Software Engineering Institute | Carnegie Mellon University

Digital Library

Presentation

Fun with Flow

  • January 2011
  • By Richard Friedberg
  • In this presentation, Rich Friedberg describes what you can do with flow to increase the effectiveness of your security monitoring efforts for free.
  • Network Situational Awareness
  • Publisher: Software Engineering Institute
  • Abstract

    While many people use NetFlow for network monitoring or billing, it is also quite useful for detecting malicious network activity. After a quick recap of pros and cons, we'll cover how you can build a sensor and storage system using open source tools such as YAF (Yet Another Flowmeter) and SiLK (System for Internet Level Knowledge), and then move into how you can use these tools to find cool stuff (using recent threats/attacks as examples). We'll demonstrate some of these capabilities, show you some pretty visualizations and help you get started performing analysis on your own networks. We'll also touch on productive ways to fuse flow data with other data sets for more in-depth analytics, and some recent code releases that may change the way you think about using flow. This talk will be a Cliffs Notes version of interesting things you can do with flow to increase the effectiveness of your security monitoring efforts for free. Tools used for the presentation are open source and will be available at http://tools.netsa.cert.org. If possible we'll demonstrate some of these tools and analysis techniques on data from the Shmoo conference network.

    This presentation was given at ShmooCon 2011, which took place in Washington, DC, January 28-30, 2011.

  • Slides