[nsp] NetFlow through a firewall?
Ed Ravin
eravin at panix.com
Wed May 7 16:32:26 EDT 2003
On Wed, May 07, 2003 at 08:57:42PM +0200, Gert Doering wrote:
>
> On Wed, May 07, 2003 at 02:46:22PM -0400, Temkin, David wrote:
> > Has anyone successfully passed NetFlow traffic through a firewall? If anyone
> > has any pointers (i.e., how to do this securely...) I'd love to hear them.
>
> It's not trivial, as NetFlow is source-spoofable UDP.
>
> On the other hand - the worst thing that people can do is send you faked
> accounting records (which the flow sequence number checks should catch)
> and maybe crash your netflow software.
Or, if your netflow software has a remotely exploitable vulnerability,
a single spoofed malicious packet might be enough for someone to take
over your machine. Don't laugh, it happened with Microsoft SQL server
just a few months ago. The question to ask is "Do you trust your
Netflow software with exposure to the Internet?"
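The "flow sequence number checks" Gert mentions are the collector's only built-in hint that a UDP datagram did not come from the real exporter. As an added illustration (not code from this thread or from any collector), here is a minimal NetFlow v5 header validator that tracks the per-exporter flow_sequence and flags packets that replay an old position or jump ahead; the sample packets, the exporter address 10.0.0.1 and the verdict strings are constructed for the example.

```python
import struct
from typing import Dict, Tuple

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes, big-endian)
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD_LEN = 48      # each v5 flow record is 48 bytes
V5_MAX_RECORDS = 30     # a v5 datagram carries at most 30 records


class NetFlowV5Checker:
    """Sanity-checks v5 datagrams before they reach the flow parser.

    flow_sequence is the total number of flows the exporter emitted before this
    packet, so the next packet from the same exporter should carry
    flow_sequence + count.  (Assumption: 32-bit wraparound is not handled here.)
    """

    def __init__(self) -> None:
        self.expected: Dict[Tuple[str, int, int], int] = {}

    def check(self, src_ip: str, packet: bytes) -> str:
        if len(packet) < V5_HEADER.size:
            return "reject: truncated header"
        version, count, _up, _secs, _nsecs, seq, etype, eid, _samp = V5_HEADER.unpack_from(packet)
        if version != 5:
            return f"reject: version {version}"
        # Length must match the record count exactly; anything else is malformed or forged.
        if count == 0 or count > V5_MAX_RECORDS or len(packet) != V5_HEADER.size + count * V5_RECORD_LEN:
            return "reject: length/count mismatch"
        key = (src_ip, etype, eid)
        expected = self.expected.get(key)
        if expected is None:
            verdict = "accept: new exporter"
        elif seq == expected:
            verdict = "accept"
        elif seq < expected:
            # Sequence moved backwards: duplicate, reordering, or a replayed/injected packet.
            # Do not advance the stream position for it.
            return "suspect: replay/out-of-order"
        else:
            # Jump forward: packet loss, or someone injecting packets with a guessed sequence.
            verdict = f"suspect: gap of {seq - expected} flows"
        self.expected[key] = (seq + count) & 0xFFFFFFFF
        return verdict


def build_v5(seq: int, count: int, engine_id: int = 0) -> bytes:
    """Constructed sample datagram: a v5 header followed by `count` zero-filled records."""
    hdr = V5_HEADER.pack(5, count, 1000, 1052000000, 0, seq, 0, engine_id, 0)
    return hdr + b"\x00" * (count * V5_RECORD_LEN)
```

A real collector would also restrict the listening socket to the exporter's source address and log the "suspect" verdicts, since a gap alone cannot distinguish loss from injection.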