Background/Objectives: DDoS attacks are usually detected by analysis of the applications that are installed in or close to the current system are carried out. Methods/Statistical Analysis: Although this method is easy to deploy, but nonurgent and sensitive detection of DDoS attacks that reasons are first, the fact that the write current by interrupting the current collector is normally the data for application analysis creates pieces that caused a delay of several minutes to be recognized. Second, if the attack traffic may be strengthened by the process of sending the original package small enough to be part of a small stream. Findings: In this research paper will show how to detect DDoS attacks on the sender instead of the current collection, the data close to the source and immediate fashion, which had access to a streaming surveillance infrastructure with development needs. In this study, to examine whether the detection system may operate on the same network platform is widely deployed Cisco IOS devices. Since the ultimate goal of the research is to identify the attackers and its objectives, the use of NetFlow. Applications/Improvements: In this paper, the DDoS attack detection prototype has been shown to produce a constant load on the underlying platform, even under attack, stressing that detects DDoS attack can be a Cisco Catalyst 6500 models used in production networks.