This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Data Modeling explanation SCR/DST Vs SRV/CLI #139

Closed
skipper00 opened this issue Jul 12, 2018 · 2 comments

@skipper00

Hi Rob,
we actually use NetFlow to identify volumetric DDoS attacks, and so we usually query the DB based on pkt or traffic, for top IP (filtered in a specific network), in order to identify the victim. Likewise, to identify the victim port (filtered by victim IP), we query the DB on top IP, always sorted by pkt or traffic.
Volumetric attacks are always "one direction" conversations, so I need to better understand how you classify IP DST/SRC into the server or client model. Can you please clarify? And how (in my case) is SRV/CLI better than SRC/DST?
Thanks a lot

@robcowart
Owner

There are a number of elements to your question. And it will be a much longer answer than I have time to write at the moment. I'm gonna need a little time.

@robcowart
Owner

This issue is being closed as this legacy version of ElastiFlow is now deprecated and is to be archived. Please try the new ElastiFlow, request a free Basic Tier license, and join the ElastiFlow Community Slack. Thank you.
