Solved

SNMP based network monitoring tools + DDOS

Posted on 2004-09-25
Last Modified: 2013-12-07
Network experts,
Do all network monitoring tools require running SNMP on the routers and switches, and what are the pros and cons of them? I know the most popular ones are MRTG, HP OpenView and NetScout.
During a DDoS attack or virus outbreak, can they see the attack in real time and respond in time?

regards,
NicK


Question by:nicotine1
3 Comments
 
LVL 9

Expert Comment

by:cooledit
ID: 12154391
WhatsUp Gold

SolarWinds
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12154395
Not all network monitoring tools use SNMP.
Nagios is one that does not - http://www.nagios.org
Most of the others do. Other examples include SolarWinds Orion http://www.solarwinds.net
NetCrunch by Adrem http://www.adrem.com
Both of the above can use SNMP or ICMP to monitor. ICMP is up/down only.
Others use a combination of ICMP, SNMP, and services responses.
You can get a lot more information using SNMP because vendors support it. The only con to using it is that too many implementations use the default community strings "public" and "private". The community string should be treated just like a password, and the systems configured to accept SNMP commands from specific IP addresses only. Allowing SNMP write capability can be very dangerous on a network.

SNMP will not sense a DDoS attack, virus outbreak, or other anomalous behavior. You need to have some device on your network that can sense these things, either by signature or by unusual traffic. These are Intrusion Detection "sensors". Sensors report back to a management console of some type. That management console can then be set to protect specific network devices, for example to create a blocking route access list and automatically apply it to a router.

IDS and SNMP are two wildly different things.
0
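The hardening points in the accepted answer (no default community strings, no unneeded write access, SNMP accepted only from specific addresses) can be checked mechanically against device configurations. The following is an added example, not part of the original thread: a Python audit of Cisco IOS-style `snmp-server community` lines, where the sample config, community names and finding labels are constructed for illustration.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed IOS-style sample config (not taken from the original post).
SAMPLE_CONFIG = """\
hostname edge-rtr-01
snmp-server community public RO
snmp-server community private RW
snmp-server community n0c-Mon1tor-7f3a RO 10
snmp-server community prov-9d2c-Write view provview RW
snmp-server community bkp-41ce-Read RO 99
access-list 10 permit host 192.0.2.25
"""

COMMUNITY_RE = re.compile(r"^\s*snmp-server community (\S+)(.*)$", re.I | re.M)
ACL_DEF_RE = re.compile(
    r"^\s*(?:ip\s+)?access-list\s+(?:standard\s+|extended\s+)?(\S+)", re.I | re.M)


def audit_snmp_communities(config_text):
    """Return {community: [findings]} for every snmp-server community line."""
    defined_acls = set(ACL_DEF_RE.findall(config_text))
    report = {}
    for community, rest in COMMUNITY_RE.findall(config_text):
        tokens = rest.split()
        lowered = [t.lower() for t in tokens]
        if "view" in lowered:  # drop "view <name>" so the name is not read as an ACL
            i = lowered.index("view")
            del tokens[i:i + 2]
        mode, acl = "ro", None  # IOS grants read-only when RO/RW is omitted
        for tok in tokens:
            if tok.lower() in ("ro", "rw"):
                mode = tok.lower()
            else:
                acl = tok  # remaining token is the ACL number or name
        findings = []
        if community.lower() in DEFAULT_COMMUNITIES:
            findings.append("default-community")
        if mode == "rw":
            findings.append("write-access")
        if acl is None:
            findings.append("no-source-acl")
        elif acl not in defined_acls:
            findings.append("acl-not-defined")  # reference to an ACL missing from the config
        report[community] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_snmp_communities(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

An empty findings list means the community is non-default, read-only, and bound to an ACL that is defined in the same configuration; it says nothing about whether the ACL itself is narrow enough.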
 
LVL 79

Expert Comment

by:lrmoore
ID: 12280355
Are you still working on this? Can we be of any more assistance?
Can you close out this question?
