Chapter 15. Using Switches to Detect a Data Plane DoS

Because switches are distributed throughout a network, they are a convenient means of detecting a denial of service (DoS) attack or even a virulent worm. NetFlow is a telemetry system that supports not only billing and monitoring but also the detection of unusual and suspicious behavior, such as a propagating worm or a DoS attack. A remote sensor called Remote Monitoring (RMON) can display several network parameters; a change from the baseline of those parameters is a good indicator of an abnormal event.

Detecting DoS with NetFlow

NetFlow [1] is a well-known telemetry technology that has been around for more than ten years. (It first appeared in 1996.)

Note

This section introduces the NetFlow technology. ...

Get LAN Switch Security: What Hackers Know About Your Switches now with the O’Reilly learning platform.