[nsp] NetFlow through a firewall?

Gert Doering gert at greenie.muc.de
Wed May 7 21:57:42 EDT 2003


Hi,

On Wed, May 07, 2003 at 02:46:22PM -0400, Temkin, David wrote:
> Has anyone successfully passed NetFlow traffic through a firewall?  If anyone
> has any pointers (ie, how to do this securely...) I'd love to hear them.

It's not trivial, as NetFlow is source-spoofable UDP.

On the other hand - the worst thing that people can do is send you faked
accounting records (which the flow sequence number checks should catch)
and maybe crash your netflow software.

It should be fairly safe if you make sure you don't permit source
spoofed UDP packets (with a source IP of your routers) from "outside",
and then permit only those sources through your firewall.

gert


-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de
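The two checks Gert describes (accept only the permitted exporter addresses, then watch the flow sequence numbers) as a worked example. This is added example code, not part of the original post or of any collector. It assumes NetFlow v5 framing (a 24-byte header whose 32-bit flow_sequence counts records, not packets, followed by 48-byte records) and a hypothetical exporter address 192.0.2.1; the packets it checks are constructed inline.

```python
import ipaddress
import struct

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
NF5_HEADER = struct.Struct("!HHIIIIBBH")
NF5_RECORD_LEN = 48
NF5_MAX_RECORDS = 30  # a v5 export packet carries at most 30 records


class Nf5SequenceTracker:
    """Source allow-list plus per-engine flow sequence continuity check."""

    def __init__(self, allowed_exporters):
        self.allowed = {ipaddress.ip_address(a) for a in allowed_exporters}
        # (exporter, engine_type, engine_id) -> next expected flow_sequence
        self.expected = {}

    def check(self, src_ip, payload):
        """Return 'ok', 'suspect: ...' or 'drop: ...' for one UDP datagram."""
        src = ipaddress.ip_address(src_ip)
        # First line of defence: the firewall only permits known exporters,
        # so a datagram from anywhere else is dropped before it is parsed.
        if src not in self.allowed:
            return "drop: exporter not permitted"
        if len(payload) < NF5_HEADER.size:
            return "drop: short header"
        (version, count, _uptime, _secs, _nsecs,
         seq, engine_type, engine_id, _sampling) = NF5_HEADER.unpack_from(payload)
        if version != 5:
            return "drop: unsupported version"
        if count < 1 or count > NF5_MAX_RECORDS:
            return "drop: bad record count"
        if len(payload) != NF5_HEADER.size + count * NF5_RECORD_LEN:
            return "drop: length does not match record count"

        key = (src, engine_type, engine_id)
        expected = self.expected.get(key)
        verdict = "ok"
        # Second line of defence: records from a forged packet normally do not
        # continue the exporter's sequence. A gap is only flagged, not dropped,
        # because plain UDP loss produces the same symptom.
        if expected is not None and seq != expected:
            verdict = f"suspect: sequence gap (expected {expected}, got {seq})"
        self.expected[key] = (seq + count) & 0xFFFFFFFF
        return verdict


def build_nf5(seq, count, engine_type=0, engine_id=0):
    """Constructed test datagram: valid v5 header and zero-filled records."""
    header = NF5_HEADER.pack(5, count, 1000, 1052340000, 0, seq,
                             engine_type, engine_id, 0)
    return header + b"\x00" * (count * NF5_RECORD_LEN)


if __name__ == "__main__":
    tracker = Nf5SequenceTracker(["192.0.2.1"])  # hypothetical router address
    print(tracker.check("192.0.2.1", build_nf5(100, 3)))     # ok
    print(tracker.check("192.0.2.1", build_nf5(103, 2)))     # ok
    print(tracker.check("192.0.2.1", build_nf5(500, 1)))     # suspect: gap
    print(tracker.check("198.51.100.9", build_nf5(501, 1)))  # drop: not permitted
```

Note the order of the two checks matters: the sequence check only helps once the allow-list has reduced the problem to packets that claim a router's source address, which is exactly the spoofed traffic the anti-spoofing rule at the border is meant to stop. An attacker who can observe the real export stream can predict the next sequence number, so the sequence check is a sanity check on the collector side, not a substitute for the border filter.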

