Solved

SNMP based network monitoring tools + DDOS

Posted on 2004-09-25
3
343 Views
Last Modified: 2013-12-07
Network experts,
    Is all networking monitoring tools require to running SNMP with the router and switches and what are the pros and cons of them? I know the most popular ones are MRTG, HP OpenView and  NetScout.
   If during a DDOS attack or Virus outbreak, Can they see the attack real time and response in time?

regards,
NicK


0
Comment
Question by:nicotine1
  • 2
3 Comments
 
LVL 9

Expert Comment

by:cooledit
ID: 12154391
whats up gold

solarwinds
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12154395
Not all network monitoring tools use SNMP.
Nagios is one that does not  - http://www.nagios.org
Most of the others do. Other examples include SolarWinds Orion http://www.solarwinds.net
NetCrunch by Adrem  http://www.adrem.com
Both of the above can use SNMP or ICMP to monitor. ICMP is up/down only
Others use a combination of ICMP, SNMP, and services responses.
You can get a lot more information using SNMP because vendors support it. The only con to using it is that too many implementations use the default community strings "public" and "private". The community string should be treated just like a password, and the systems configured to accept SNMP commands from specific IP addresses only. Allowing SNMP write capability can be very dangerous on a network.

SNMP will not sense a ddos attack, virus outbreak, or other anomalous behavior. You need to have some device on your network that can sense these things, either by signature or by unusual traffic. These are Intrusion Detection "sensors". Sensors report back to a management console of some type. That management console can than be set to protect specific network devices, for example to create a blocking route access list and automatically apply it to a router.

IDS and SNMP are two wildly different things.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12280355
Are you still working on this? Can we be of any more assistance?
Can you close out this question?

0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now