Interesting People mailing list archives
Re: MIT monitoring campus network traffic
From: David Farber <dave () farber net>
Date: Sat, 18 Apr 2009 08:39:20 -0400
Begin forwarded message:

From: Michael Sinatra <michael () rancid berkeley edu>
Date: April 17, 2009 8:47:54 PM EDT
To: dave () farber net
Subject: Re: [IP] Re: MIT monitoring campus network traffic

If it is indeed netflow (and I agree that it certainly sounds like it), then it's also being used all over the Internet for billing purposes, and for estimating aggregate bandwidth usage. The fact that MIT is retaining it for three days seems like relatively non-invasive use of netflow, to be quite honest.

It may be of concern that there is no policy governing the use of the data, but that would seem to be more of a campus- or university-wide issue. Some universities have privacy policies that actually allow such transactional data (source/dest IP address, length of flow, number of bytes, but no content) to be retained for a certain amount of time. Notifying users that this is happening is important; the fact that some of them are surprised at such retention is a bit scary considering that this sort of thing is done all over the Internet.

Frankly, it doesn't seem like a big issue. More information is kept in the average web server log (and I am just talking about apache logs, not more substantial stuff like Google Analytics) than in netflow.

michael

On 04/17/09 16:36, David Farber wrote:
Begin forwarded message:

From:
Date: April 17, 2009 6:05:06 PM EDT
To: dave () farber net
Subject: *please anonymize* Re: [IP] MIT monitoring campus network traffic

Dave, *please anonymize*

My day job is as a network architect for a mid-sized Canadian ISP. I'm the top technical person in the company, and I fall between technical staff and management, often working in both worlds.

This article reminds me of a tactic once used on me, by an unnamed vendor who was having little success selling us a commercial product which does what was described in the article. We use an open-source version, and though it does not have pretty graphs and Crystal Reports, we like it.

The sales person in question inquired about our data retention policies (which I would not disclose to him) and later escalated to senior management, using an argument that they felt bordered on scare tactics. Everyone agreed that we've seen more aggressive sales pitches lately, with the economy the way it is, but that definitely is one of the more memorable ones.

I can't help thinking the same of this situation. Perhaps someone is taking a page from the anti-virus vendor's books?

Also, for those that are interested, the underlying protocol which I suspect is being used is likely NetFlow, originally developed by Cisco, or a variation.

http://www.cisco.com/go/netflow

The protocol is configured on key network routers, and traffic is sampled at a configured rate, with the results sent to a collection server. The data can then be analyzed for a wide variety of information, including virus infections, DoS attacks, routing analysis and trending, etc.

We typically use it for determining traffic patterns, and on occasion, for denial of service attacks. The information is stored in an off-net, hardened server, with an encrypted file system. That's sufficient for us.
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
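
As an added illustration, not part of either message above and not code from MIT, Cisco or any collector product: a decoder for a NetFlow version 5 export datagram, showing the transactional fields a collector actually receives (addresses, ports, packet and byte counts, flow duration, sampling interval) and a three-day retention check. The sample datagram, its documentation-range addresses and all function names are constructed for this example.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte flow record, no payload field

def parse_v5(datagram):
    """Decode one v5 export datagram into (header dict, list of flow dicts)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than v5 header")
    version, count, _up, secs, _ns, _seq, _et, _eid, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("not NetFlow v5")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match record count")
    # Top 2 bits of the last header field are the sampling mode, low 14 the interval.
    header = {"export_time": secs, "sampling_interval": sampling & 0x3FFF}
    flows = []
    for i in range(count):
        (src, dst, _nh, _in, _out, pkts, octets, first, last, sport, dport,
         _flags, proto, _tos, _sas, _das, _sm, _dm) = RECORD.unpack_from(
            datagram, HEADER.size + i * RECORD.size)
        flows.append({
            "src": str(ipaddress.IPv4Address(src)), "sport": sport,
            "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
            "proto": proto, "packets": pkts, "bytes": octets,
            "duration_ms": (last - first) & 0xFFFFFFFF,  # router uptime ticks
        })
    return header, flows

def within_retention(header, now, days=3):
    """True while a datagram exported at header['export_time'] is inside the window."""
    return now - header["export_time"] <= days * 86400

def build_sample():
    """Constructed one-flow datagram: sampled 1-in-100, TCP to port 443."""
    hdr = HEADER.pack(5, 1, 5000, 1240000000, 0, 1, 0, 0, (1 << 14) | 100)
    rec = RECORD.pack(ipaddress.IPv4Address("192.0.2.10").packed,
                      ipaddress.IPv4Address("198.51.100.7").packed,
                      bytes(4), 1, 2, 12, 9000, 1000, 4500,
                      51514, 443, 0x18, 6, 0, 0, 0, 24, 24)
    return hdr + rec

if __name__ == "__main__":
    hdr, flows = parse_v5(build_sample())
    print(hdr, flows[0])
```

Every byte of the 48-byte record is accounted for by the fields above, which is why a collector fed this format holds flow metadata but no packet content.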