?
Solved

SNMP based network monitoring tools + DDOS

Posted on 2004-09-25
3
Medium Priority
?
395 Views
Last Modified: 2013-12-07
Network experts,
    Is all networking monitoring tools require to running SNMP with the router and switches and what are the pros and cons of them? I know the most popular ones are MRTG, HP OpenView and  NetScout.
   If during a DDOS attack or Virus outbreak, Can they see the attack real time and response in time?

regards,
NicK


0
Comment
Question by:nicotine1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 9

Expert Comment

by:cooledit
ID: 12154391
whats up gold

solarwinds
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 2000 total points
ID: 12154395
Not all network monitoring tools use SNMP.
Nagios is one that does not  - http://www.nagios.org
Most of the others do. Other examples include SolarWinds Orion http://www.solarwinds.net
NetCrunch by Adrem  http://www.adrem.com
Both of the above can use SNMP or ICMP to monitor. ICMP is up/down only
Others use a combination of ICMP, SNMP, and services responses.
You can get a lot more information using SNMP because vendors support it. The only con to using it is that too many implementations use the default community strings "public" and "private". The community string should be treated just like a password, and the systems configured to accept SNMP commands from specific IP addresses only. Allowing SNMP write capability can be very dangerous on a network.

SNMP will not sense a ddos attack, virus outbreak, or other anomalous behavior. You need to have some device on your network that can sense these things, either by signature or by unusual traffic. These are Intrusion Detection "sensors". Sensors report back to a management console of some type. That management console can than be set to protect specific network devices, for example to create a blocking route access list and automatically apply it to a router.

IDS and SNMP are two wildly different things.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12280355
Are you still working on this? Can we be of any more assistance?
Can you close out this question?

0

Featured Post

Video: Liquid Web Managed WordPress Comparisons

If you run run a WordPress, you understand the potential headaches you may face when updating your plugins and themes. Do you choose to update on the fly and risk taking down your site; or do you set up a staging, keep it in sync with your live site and use that to test updates?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
This article is in regards to the Cisco QSFP-4SFP10G-CU1M cables, which are designed to uplink/downlink 40GB ports to 10GB SFP ports. I recently experienced this and found very little configuration documentation on how these are supposed to be confi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question