[afnog] Data mining for African ISP

Global One Solutions malabow at gmail.com
Sun Mar 22 03:17:22 UTC 2009


Phill,

Thanks for the response. I forgot to hit reply-all. I agree with you that
these turnkey solutions (a) require a lot of $$$ and (b) require training
for the team. I have been involved in both setups, where we first used a
home-grown application that helped us track mainly DDoS attacks, and a tool
that tracked our core traffic usage so we could build the network more
intelligently. This has a significant downside, especially if you lose the
skilled engineer(s) who managed/built that home-grown application: you then
have to dedicate someone to learn it, or hire a consultant. I would expect
the ISP would want to focus on their core business, and not on developing
applications (if you have the money).


Thanks,


On Sat, Mar 21, 2009 at 9:23 PM, Phil Regnauld <regnauld at nsrc.org> wrote:

>        Please keep the Cc: to the Afnog list at least (am not subscribed to
>        Afrispa, and therefore am not cross posting to it).
>
>        You can implement advanced warnings and achieve proper capacity
>        planning before you hit limits (pro active), whether you use simple
>        thresholds or linear extrapolation.  As to what size network these
>        tools are good for, pretty much any.  Of course it's not "out of
>        the box" functionality.
>
>        ISPs use the tools I listed, or variations thereof.  It doesn't
>        mean that there aren't any good commercial tools out there (I've
>        developed some), but most require significant
>        customization/configuration, and have typically steep licensing
>        fees.  My experience is most network operators end up building
>        their own toolsets and systems based on generally available
>        software.  Most of the larger monitoring suites out there are built
>        on smaller components (like those cited), with a bit of glue
>        between the pieces to make it work.
>
>        Of course there probably are turnkey products out there that do all
>        this, but turnkey is a bit of a misnomer - they still require a huge
>        effort to learn, configure, and deploy.
>
>        Phil
>
> Global One Solutions (malabow) writes:
> > Phil,
> >
> > Thanks for the response. I guess Africa uses these free or almost free
> > tools for DDoS, but these tools are mainly re-active and not pro-active,
> > but I'm sure with some tweaks you can set some thresholds, and if I'm not
> > wrong, these tools are good for midsize networks. I am looking for
> > something similar to Arbor. This question was just for information.
> >
> >
> > Thanks,
> >
> > On Sat, Mar 21, 2009 at 4:19 PM, Phil Regnauld <regnauld at nsrc.org> wrote:
> >
> > > Global One Solutions (malabow) writes:
> > > > Team,
> > > >
> > > > I would like to hear what our local ISPs in Africa are using for
> > > > data-mining, which helps them (a) deal with DDoS attacks and
> > > > (b) understand their traffic patterns, which helps them with their
> > > > capacity planning.  I know DDoS attacks are very critical to the
> > > > operations folks and some of us used or still use home-grown
> > > > applications. You can buzz offline if you want to. Any feedback is
> > > > greatly appreciated.
> > >
> > >         Look at:
> > >
> > >        - netflow, pmacct, pmgraph, netflowdashboard, tcpdump,
> > >          wireshark, cacti, ...
> > >
> > >        It really depends what you want to achieve.
> > >
> >
> >
> >
> > --
> > Liban Mohamed
> > Global One Solution
> > www.globalonesolutions.net
> > CCIE#22493
>
> --
>  "Hey kid, go scan a /48"
>



-- 
Liban Mohamed
Global One Solution
www.globalonesolutions.net
CCIE#22493
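
An added example, not part of the thread and not code from either participant, of the two approaches mentioned in the quoted reply above: a simple threshold and linear extrapolation over link utilisation samples. The sample data, the function names, the 80% warning level and the 90-day horizon are assumptions made for illustration.

```python
from typing import List, Optional, Sequence, Tuple

Sample = Tuple[float, float]  # (day number, daily peak traffic in Mbit/s)

def fit_line(samples: Sequence[Sample]) -> Tuple[float, float]:
    """Ordinary least-squares fit; returns (slope per day, intercept)."""
    n = len(samples)
    if n < 2:
        raise ValueError("need at least two samples")
    mean_x = sum(x for x, _ in samples) / n
    mean_y = sum(y for _, y in samples) / n
    sxx = sum((x - mean_x) ** 2 for x, _ in samples)
    if sxx == 0:
        raise ValueError("samples must span more than one day")
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in samples)
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x

def days_until(samples: Sequence[Sample], limit_mbps: float) -> Optional[float]:
    """Days after the last sample until the trend reaches limit_mbps.
    Returns None when traffic is flat or falling (no crossing predicted)."""
    slope, intercept = fit_line(samples)
    if slope <= 0:
        return None
    return max(0.0, (limit_mbps - intercept) / slope - samples[-1][0])

def assess(samples: Sequence[Sample], capacity_mbps: float,
           warn_fraction: float = 0.8,
           horizon_days: float = 90.0) -> Tuple[List[str], Optional[float]]:
    """Return (alerts, eta). 'threshold' fires once the latest peak is already
    above warn_fraction of capacity; 'trend' fires when the fitted line
    reaches full capacity within horizon_days."""
    alerts: List[str] = []
    if samples[-1][1] >= warn_fraction * capacity_mbps:
        alerts.append("threshold")
    eta = days_until(samples, capacity_mbps)
    if eta is not None and eta <= horizon_days:
        alerts.append("trend")
    return alerts, eta

# Constructed sample data: weekly peaks on a hypothetical 622 Mbit/s link.
SAMPLES = [(0, 400.0), (7, 420.0), (14, 440.0), (21, 460.0), (28, 480.0)]

if __name__ == "__main__":
    alerts, eta = assess(SAMPLES, capacity_mbps=622.0)
    # The trend alert fires while the link is still below the 80% threshold.
    print(alerts, None if eta is None else round(eta, 1))
```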