<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Ciao,</p>
<p> no non lo supporta. Se serve solo l' identificazione guarda
WANsight puoi lavorare sulle custom expressions, creare custom
decoders etc. <br>
</p>
<p>Non usarlo per la mitigazione però perchè è inguardabile.<br>
</p>
<div class="moz-cite-prefix">Il 06/11/2019 13:14, Brian Turnbow via
itnog ha scritto:<br>
</div>
<blockquote type="cite"
cite="mid:000001d5949b$bf00cc80$3d026580$@twt.it">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]-->
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Gill Sans Light";
panose-1:2 11 3 2 2 1 4 2 2 3;}
@font-face
{font-family:"Gill Sans";
panose-1:2 11 5 2 2 1 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:70.85pt 56.7pt 56.7pt 56.7pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span lang="IT">Ieri sera al minog abbiamo
parlato del utilizzo di netflow con tcp syn flag utili per
ddos detection e volevo inviare questa presentazione di
cisco live.<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT">Ci sono dei bei esempi sul
utilizzo di “flexible netflow” per raccogliere anche i flag
tcp , utili per identificare syn flood….<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><a
href="https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2015/pdf/BRKNMS-3132.pdf"
moz-do-not-send="true">https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2015/pdf/BRKNMS-3132.pdf</a><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span lang="IT">Qualcuno sa se fastnetmon
supporta tcp flags da netflow?<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT">Nella version opensource mi
pare proprio di no<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT">Ma forse nella versiona a
pagamento<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="IT">Brian<o:p></o:p></span></p>
<p class="MsoNormal"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><span lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#002A69"
lang="IT">Brian Turnbow</span></b><b><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif"
lang="IT"><o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78"
lang="IT">CTO <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78"
lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;font-family:"Verdana",sans-serif"><img
id="Immagine_x0020_3"
src="cid:part2.B08A76F9.BC9F90DD@seflow.net"
alt="logo-grande" class="" width="113" height="54"
border="0"></span><span
style="font-size:9.0pt;font-family:"Verdana",sans-serif"
lang="IT"><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78"
lang="IT"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78"
lang="IT">TWT S.p.A.<o:p></o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78"
lang="IT">Viale Edoardo Jenner 33, Milano (Italy)<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78">Ph.
+39 02 89089.1<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78">Fax
+39 02 89089.211<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78"><a
href="mailto:b.turnbow@twt.it" moz-do-not-send="true"><span
style="color:blue">b.turnbow@twt.it</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;font-family:"Verdana",sans-serif;color:#003A78"
lang="IT"><a href="http://www.twt.it" moz-do-not-send="true"><span
style="color:blue">www.twt.it</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Matteo Berlonghi
Chief Technical Officer
mail: <a class="moz-txt-link-abbreviated" href="mailto:matteob@seflow.net">matteob@seflow.net</a>
tel: +39.02 56566235 ext. 6</pre>
</body>
</html>