[nsp-sec] SCTP scans
Dario Ciccarone
dciccaro at cisco.com
Thu Jan 23 01:50:04 EST 2014
https://tools.cisco.com/bugsearch/bug/CSCtz86277
*Symptom:*
Flexible Netflow shows source and destination ports as 0 for SCTP traffic
*Conditions:*
No special conditions
*Workaround:*
There is no workaround
*Further Problem Description:*
FNF does not collect port information for SCTP flows - this is by
design. This bug is opened to implement this feature in a future release.
Feel free to open a TAC SR, and get your SR linked to the bug - the more
people asks for it, the more chances it has of getting implemented.
Right now, it is a sev6 (enhancement) which has been waiting since
May/2012 . . .
I should know. I opened it :)
On 1/21/14 9:54 AM, Borja Marcos wrote:
> ----------- nsp-security Confidential --------
>
>
>
>> On 21/01/2014, at 15:40, Kurt Jaeger <pi at nepustil.net> wrote:
>>
>> http://blog.erratasec.com/2014/01/masscan-supports-sctp.html
>>
>> describes it. Someone write an SCTP scanner.
> Ah, that silly :) I was wondering. By the way, either my netflow exporters or nfdump miss the SCTP destination ports.
>
> So next day they buy a printer and print the Intarweb :)
>
>
>
>
> Borja.
>
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-measures.
> _______________________________________________
More information about the nsp-security
mailing list