[c-nsp] Sampled netflow & compliance issues
Dobbins, Roland
rdobbins at arbor.net
Thu Feb 9 07:41:35 EST 2012
On Feb 9, 2012, at 5:17 PM, Phil Mayers wrote:
> At (say) 512:1 sampling, they can simply deny they downloaded a 5Gb file, and claim it was a 10Mb file.
In actuality, NetFlow isn't typically utilized for this type of layer-7 nitpicking, as it's a layer-4 technology (not counting FNF and/or IPFIX/PSAMP, as they aren't available/deployed in any operationally significant numbers).
;>
It's used for security purposes, for traffic engineering purposes, for capacity-planning purposes, for billing, for troubleshooting, et. al.
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
Luck is the residue of opportunity and design.
-- John Milton
More information about the cisco-nsp
mailing list