SNMP based network monitoring tools + DDOS

Network experts,
    Is all networking monitoring tools require to running SNMP with the router and switches and what are the pros and cons of them? I know the most popular ones are MRTG, HP OpenView and  NetScout.
   If during a DDOS attack or Virus outbreak, Can they see the attack real time and response in time?

regards,
NicK


nicotine1Asked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
lrmooreConnect With a Mentor Commented:
Not all network monitoring tools use SNMP.
Nagios is one that does not  - http://www.nagios.org
Most of the others do. Other examples include SolarWinds Orion http://www.solarwinds.net
NetCrunch by Adrem  http://www.adrem.com
Both of the above can use SNMP or ICMP to monitor. ICMP is up/down only
Others use a combination of ICMP, SNMP, and services responses.
You can get a lot more information using SNMP because vendors support it. The only con to using it is that too many implementations use the default community strings "public" and "private". The community string should be treated just like a password, and the systems configured to accept SNMP commands from specific IP addresses only. Allowing SNMP write capability can be very dangerous on a network.

SNMP will not sense a ddos attack, virus outbreak, or other anomalous behavior. You need to have some device on your network that can sense these things, either by signature or by unusual traffic. These are Intrusion Detection "sensors". Sensors report back to a management console of some type. That management console can than be set to protect specific network devices, for example to create a blocking route access list and automatically apply it to a router.

IDS and SNMP are two wildly different things.
0
 
cooleditCommented:
whats up gold

solarwinds
0
 
lrmooreCommented:
Are you still working on this? Can we be of any more assistance?
Can you close out this question?

0
All Courses

From novice to tech pro — start learning today.