Why netflow is not an best solution for DoS/DDoS attack detection?
- It need additional licenses or even hardware (Juniper MX240, MX480, MX960 - additional license)
- It realized in software and can overload equipment (Juniper SRX, J-series, Microtic, VmWare, Linux)
- Even on top equipment flow-active-timeout starts from 60 seconds and it's very slow for massive attacks and slow-speed-attacks both