Chapter 15. Using Switches to Detect a Data Plane DoS

Because switches are distributed throughout a network, they are a convenient means of detecting a denial of service (DoS) attack or even a virulent worm. NetFlow is a telemetry system that supports not only billing and monitoring but also the detection of unusual and suspicious behavior, such as a propagating worm or a DoS attack. A remote sensor called Remote Monitoring (RMON) can display several network parameters; a change from the baseline of those parameters is a good indicator of an abnormal event.
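As an added illustration (not taken from the book), the Python code below applies the baseline idea to flow records: it counts flows and distinct sources per interval toward one host and flags intervals that rise well above the baseline. The record layout, addresses, interval numbering, and the mean-plus-three-standard-deviations threshold are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from statistics import mean, stdev

SERVER = "192.0.2.10"  # constructed target address (documentation range)

def make_sample_flows():
    """Constructed flow records: (interval, src_ip, dst_ip, dst_port, packets)."""
    flows = []
    for t in range(6):                       # intervals 0-5: ordinary load
        for i in range(20 + t % 3):
            flows.append((t, f"10.0.0.{i + 1}", SERVER, 80, 12))
    for i in range(400):                     # interval 6: burst of one-packet flows
        net = "203.0.113" if i < 200 else "198.51.100"
        flows.append((6, f"{net}.{i % 200 + 1}", SERVER, 80, 1))
    return flows

def summarize(flows, dst):
    """Per interval: number of flows and number of distinct sources toward dst."""
    count, sources = defaultdict(int), defaultdict(set)
    for interval, src, d, _port, _pkts in flows:
        if d == dst:
            count[interval] += 1
            sources[interval].add(src)
    return {t: (count[t], len(sources[t])) for t in count}

def detect_anomalies(flows, dst, baseline_intervals, k=3.0):
    """Flag intervals whose flow count exceeds baseline mean + k * stdev."""
    stats = summarize(flows, dst)
    base = [stats.get(t, (0, 0))[0] for t in baseline_intervals]
    sigma = max(stdev(base), 1.0)            # floor: a flat baseline must not alarm on +1 flow
    threshold = mean(base) + k * sigma
    return [(t, n, srcs) for t, (n, srcs) in sorted(stats.items())
            if t not in baseline_intervals and n > threshold]

if __name__ == "__main__":
    for t, n, srcs in detect_anomalies(make_sample_flows(), SERVER, range(5)):
        print(f"interval {t}: {n} flows from {srcs} sources exceeds baseline")
```

Interval 5 sits slightly above the baseline mean but under the threshold, so only the burst in interval 6 is reported.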

Detecting DoS with NetFlow

NetFlow[1] is a well-known telemetry technology that has been around for more than ten years. (It first appeared in 1996.)


This section introduces the NetFlow technology. If ...
