Solved

SNMP based network monitoring tools + DDOS

Posted on 2004-09-25
3
374 Views
Last Modified: 2013-12-07
Network experts,
    Is all networking monitoring tools require to running SNMP with the router and switches and what are the pros and cons of them? I know the most popular ones are MRTG, HP OpenView and  NetScout.
   If during a DDOS attack or Virus outbreak, Can they see the attack real time and response in time?

regards,
NicK


0
Comment
Question by:nicotine1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 9

Expert Comment

by:cooledit
ID: 12154391
whats up gold

solarwinds
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
ID: 12154395
Not all network monitoring tools use SNMP.
Nagios is one that does not  - http://www.nagios.org
Most of the others do. Other examples include SolarWinds Orion http://www.solarwinds.net
NetCrunch by Adrem  http://www.adrem.com
Both of the above can use SNMP or ICMP to monitor. ICMP is up/down only
Others use a combination of ICMP, SNMP, and services responses.
You can get a lot more information using SNMP because vendors support it. The only con to using it is that too many implementations use the default community strings "public" and "private". The community string should be treated just like a password, and the systems configured to accept SNMP commands from specific IP addresses only. Allowing SNMP write capability can be very dangerous on a network.

SNMP will not sense a ddos attack, virus outbreak, or other anomalous behavior. You need to have some device on your network that can sense these things, either by signature or by unusual traffic. These are Intrusion Detection "sensors". Sensors report back to a management console of some type. That management console can than be set to protect specific network devices, for example to create a blocking route access list and automatically apply it to a router.

IDS and SNMP are two wildly different things.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12280355
Are you still working on this? Can we be of any more assistance?
Can you close out this question?

0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question