[nsp] NetFlow through a firewall?

Temkin, David temkin at sig.com
Wed May 7 15:59:01 EDT 2003


Thanks.  My thought exactly, but I know my security team will ask the
question, so I figured I'd try to be armed with something :-)

-----Original Message-----
From: Gert Doering [mailto:gert at greenie.muc.de] 
Sent: Wednesday, May 07, 2003 2:58 PM
To: Temkin, David
Cc: cisco-nsp at puck.nether.net
Subject: Re: [nsp] NetFlow through a firewall?


Hi,

On Wed, May 07, 2003 at 02:46:22PM -0400, Temkin, David wrote:
> Has anyone successfully passed NetFlow traffic through a firewall?  If 
> anyone has any pointers (i.e., how to do this securely...) I'd love to 
> hear them.

It's not trivial, as NetFlow is source-spoofable UDP.

On the other hand - the worst thing that people can do is send you faked
accounting records (which the flow sequence number checks should catch) and
maybe crash your netflow software.

It should be fairly safe if you make sure you don't permit source spoofed
UDP packets (with a source IP of your routers) from "outside", and then
permit only those sources through your firewall.

gert


-- 
USENET is *not* the non-clickable part of WWW!
 
//www.muc.de/~gert/
Gert Doering - Munich, Germany
gert at greenie.muc.de
fax: +49-89-35655025
gert.doering at physik.tu-muenchen.de


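Gert's two points above, permitting only the routers' addresses as sources and relying on the flow sequence numbers to catch faked records, are both things a collector can verify itself as a second line of defence behind the firewall's anti-spoofing rule. The following is an added example written for this page (not code from the thread and not any vendor's collector) that parses the NetFlow v5 datagram header, rejects datagrams from addresses outside an exporter allow-list, and tracks the per-exporter flow sequence so that a datagram arriving with a lower counter than expected is flagged as a possible replay or spoof while a forward jump is reported as loss. The exporter addresses, the constructed datagrams and the resynchronisation threshold of three are assumptions made for the example.

```python
"""Source allow-list and flow-sequence checks for NetFlow v5 datagrams (added example)."""
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes, big-endian).
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48          # each v5 flow record is 48 bytes
V5_MAX_RECORDS = 30         # a v5 datagram carries at most 30 records
RESYNC_AFTER = 3            # assumption: accept a counter reset after this many consecutive backward datagrams


@dataclass
class V5Header:
    version: int
    count: int
    sys_uptime: int
    unix_secs: int
    unix_nsecs: int
    flow_sequence: int
    engine_type: int
    engine_id: int
    sampling_interval: int


def parse_v5_header(datagram: bytes) -> V5Header:
    """Parse and sanity-check the header; raise ValueError on anything malformed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    hdr = V5Header(*V5_HEADER.unpack_from(datagram, 0))
    if hdr.version != 5:
        raise ValueError(f"unsupported NetFlow version {hdr.version}")
    if hdr.count == 0 or hdr.count > V5_MAX_RECORDS:
        raise ValueError(f"implausible record count {hdr.count}")
    if len(datagram) != V5_HEADER.size + hdr.count * V5_RECORD_LEN:
        raise ValueError("datagram length does not match record count")
    return hdr


@dataclass
class ExporterState:
    next_seq: Optional[int] = None   # flow_sequence we expect in the next datagram
    backward: int = 0                # consecutive datagrams that went backwards


class CollectorGuard:
    """Per-exporter checks a collector applies before trusting a datagram."""

    def __init__(self, allowed_exporters: List[str]) -> None:
        self.allowed = set(allowed_exporters)
        self.state: Dict[str, ExporterState] = {}

    def check(self, src_ip: str, datagram: bytes) -> str:
        # The firewall should already restrict sources; this repeats the check locally.
        if src_ip not in self.allowed:
            return "dropped:unknown-source"
        try:
            hdr = parse_v5_header(datagram)
        except ValueError:
            return "dropped:malformed"   # garbage that might otherwise crash a collector

        st = self.state.setdefault(src_ip, ExporterState())
        if st.next_seq is None or hdr.flow_sequence == st.next_seq:
            verdict = "ok"
        elif hdr.flow_sequence > st.next_seq:
            verdict = "warn:seq-gap"     # datagrams lost in transit (or a 32-bit wrap-around)
        else:
            # Lower than expected: a replayed or faked datagram, or the exporter reloaded.
            st.backward += 1
            if st.backward < RESYNC_AFTER:
                return "suspect:replay-or-spoof"   # do not advance; keep expecting the genuine stream
            verdict = "warn:resync"      # consistently lower: treat as an exporter restart
        st.backward = 0
        st.next_seq = (hdr.flow_sequence + hdr.count) & 0xFFFFFFFF
        return verdict


def build_v5(flow_sequence: int, count: int) -> bytes:
    """Construct a v5 datagram with zeroed records (test input, not real export data)."""
    header = V5_HEADER.pack(5, count, 1000, 1052265600, 0, flow_sequence, 0, 0, 0)
    return header + b"\x00" * (V5_RECORD_LEN * count)


def demo() -> List[str]:
    """Run a constructed sequence of datagrams through the guard and return the verdicts."""
    guard = CollectorGuard(["192.0.2.1"])   # assumption: the one router allowed to export
    arrivals = [
        ("192.0.2.1", build_v5(100, 2)),     # first datagram: establishes the counter
        ("192.0.2.1", build_v5(102, 3)),     # 100 + 2 == 102: in order
        ("198.51.100.9", build_v5(105, 1)),  # not an allowed exporter
        ("192.0.2.1", build_v5(50, 1)),      # counter went backwards: suspect
        ("192.0.2.1", build_v5(105, 1)),     # genuine stream resumes where expected
        ("192.0.2.1", build_v5(200, 1)),     # forward jump: datagrams were lost
        ("192.0.2.1", b"\x00" * 10),         # truncated datagram
        ("192.0.2.1", build_v5(0, 1)),       # three datagrams from 0: exporter reload
        ("192.0.2.1", build_v5(0, 1)),
        ("192.0.2.1", build_v5(0, 1)),
    ]
    return [guard.check(src, dgram) for src, dgram in arrivals]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A single backward datagram is held back rather than used to update the expected counter, so one spoofed packet cannot push the genuine stream into looking like a gap; only a sustained reset is accepted as an exporter reload. Gaps are reported rather than dropped because UDP loss between router and collector is normal and is the more likely explanation.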



