[nsp] NetFlow through a firewall?
Gert Doering
gert at greenie.muc.de
Wed May 7 23:36:08 EDT 2003
Hi,
On Wed, May 07, 2003 at 03:32:26PM -0400, Ed Ravin wrote:
> > It's not trivial, as NetFlow is source-spoofable UDP.
> >
> > On the other hand - the worst thing that people can do is send you faked
> > accounting records (which the flow sequence number checks should catch)
> > and maybe crash your netflow software.
>
> Or, if your netflow software has a remotely exploitable vulnerability,
> a single spoofed malicious packet might be enough for someone to take
> over your machine. Don't laugh, it happened with Microsoft SQL server
> just a few months ago. The question to ask is "Do you trust your
> Netflow software with exposure to the Internet?"
No, which is why this has to be done in conjunction with anti-spoofing
filters on the perimeter. Which should be there anyway.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
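The thread makes two points a collector operator can act on: the exporter's source address in a NetFlow datagram cannot be trusted on its own (it is plain UDP), and faked accounting records can still be caught by checking the flow sequence number in the header. The following is an added example, not code from the thread or from any NetFlow product, showing what the collector-side half of that looks like for NetFlow v5: parse the 24-byte header, reject anything that is malformed or from a source that is not a known exporter, and flag sequence replays and gaps. The exporter addresses, the `CollectorGuard` class and the constructed datagrams are assumptions for the demonstration; the source-address allowlist is only meaningful together with the perimeter anti-spoofing filter Gert describes, since a spoofed packet can carry any source it likes.

```python
from __future__ import annotations

import ipaddress
import struct
from dataclasses import dataclass

# NetFlow v5 header: version, count, sys_uptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes, big-endian)
NETFLOW_V5_HEADER = struct.Struct("!HHIIIIBBH")
NETFLOW_V5_RECORD_LEN = 48      # each v5 flow record is 48 bytes
NETFLOW_V5_MAX_RECORDS = 30     # a v5 datagram carries at most 30 records


@dataclass
class V5Header:
    version: int
    count: int
    sys_uptime: int
    unix_secs: int
    unix_nsecs: int
    flow_sequence: int
    engine_type: int
    engine_id: int
    sampling_interval: int


def parse_v5_header(datagram: bytes) -> V5Header:
    """Parse and sanity-check a NetFlow v5 header; raise ValueError on junk."""
    if len(datagram) < NETFLOW_V5_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    hdr = V5Header(*NETFLOW_V5_HEADER.unpack_from(datagram, 0))
    if hdr.version != 5:
        raise ValueError(f"unsupported NetFlow version {hdr.version}")
    if not 1 <= hdr.count <= NETFLOW_V5_MAX_RECORDS:
        raise ValueError(f"implausible record count {hdr.count}")
    needed = NETFLOW_V5_HEADER.size + hdr.count * NETFLOW_V5_RECORD_LEN
    if len(datagram) < needed:
        raise ValueError(f"datagram truncated: {len(datagram)} < {needed} bytes")
    return hdr


class CollectorGuard:
    """Hypothetical pre-filter in front of a NetFlow collector (not a real product)."""

    def __init__(self, allowed_exporters):
        self.allowed = {ipaddress.ip_address(a) for a in allowed_exporters}
        # (exporter address, engine_id) -> flow_sequence we expect next
        self.expected_seq: dict = {}

    def check(self, src_ip: str, datagram: bytes):
        """Return (verdict, header). Header is None when the datagram is dropped."""
        src = ipaddress.ip_address(src_ip)
        if src not in self.allowed:
            return "drop: source is not a configured exporter", None
        try:
            hdr = parse_v5_header(datagram)
        except ValueError as err:
            return f"drop: malformed ({err})", None

        key = (src, hdr.engine_id)
        expected = self.expected_seq.get(key)
        if expected is None:
            verdict = "accept: first datagram from this exporter"
        elif hdr.flow_sequence == expected:
            verdict = "accept"
        elif hdr.flow_sequence < expected:
            # Sequence went backwards: duplicate or injected record set.
            # Do not move the expected counter, so the real stream still lines up.
            return "suspect: sequence replay or duplicate", hdr
        else:
            verdict = f"suspect: sequence gap of {hdr.flow_sequence - expected} flows"
        # flow_sequence counts flows, not datagrams, so advance by the record count
        self.expected_seq[key] = (hdr.flow_sequence + hdr.count) & 0xFFFFFFFF
        return verdict, hdr


def build_v5_datagram(flow_sequence: int, count: int, engine_id: int = 0,
                      version: int = 5) -> bytes:
    """Constructed test datagram: valid header plus zero-filled flow records."""
    header = NETFLOW_V5_HEADER.pack(version, count, 1000, 1052346000, 0,
                                    flow_sequence, 0, engine_id, 0)
    return header + bytes(NETFLOW_V5_RECORD_LEN * count)


if __name__ == "__main__":
    guard = CollectorGuard(["192.0.2.1"])        # constructed exporter address
    samples = [
        ("192.0.2.1", build_v5_datagram(0, 2)),   # accept, first seen
        ("192.0.2.1", build_v5_datagram(2, 3)),   # accept, sequence continues
        ("198.51.100.9", build_v5_datagram(5, 1)),  # drop, unknown source
        ("192.0.2.1", build_v5_datagram(2, 3)),   # suspect, replayed records
        ("192.0.2.1", build_v5_datagram(20, 1)),  # suspect, 15 flows missing
        ("192.0.2.1", build_v5_datagram(21, 1, version=9)),  # drop, wrong version
    ]
    for src, dgram in samples:
        verdict, _ = guard.check(src, dgram)
        print(f"{src:>14}  {verdict}")
```

The sequence check only tells you that something is wrong with the stream, not which records are the fake ones, so a run of "suspect" verdicts from an exporter is a signal to look at the exporter and at what the perimeter filter is letting through, not a reason to silently discard data.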