Interesting People mailing list archives

Re: MIT monitoring campus network traffic


From: David Farber <dave () farber net>
Date: Fri, 17 Apr 2009 19:36:11 -0400



Begin forwarded message:

From:
Date: April 17, 2009 6:05:06 PM EDT
To: dave () farber net
Subject: *please anonymize* Re: [IP] MIT monitoring campus network traffic

Dave,

*please anonymize*

My day job is as a network architect for a mid-sized Canadian ISP. I'm the top technical person in the company, and I fall between technical staff and management, often working in both worlds. This article reminds me of a tactic once used on me, by an unnamed vendor who was having little success selling us a commercial product which does what was described in the article. We use an open-source version, and though it does not have pretty graphs and Crystal Reports, we like it. The sales person in question inquired about our data retention policies (which I would not disclose to him) and later escalated to senior management, using an argument that they felt bordered on scare tactics. Everyone agreed that we've seen more aggressive sales pitches lately, with the economy the way it is, but that definitely is one of the more memorable ones.

I can't help thinking the same of this situation. Perhaps someone is taking a page from the anti-virus vendor's books?

Also, for those that are interested, the underlying protocol which I suspect is being used is likely NetFlow, originally developed by Cisco, or a variation.

http://www.cisco.com/go/netflow

The protocol is configured on key network routers, and traffic is sampled at a configured rate, with the results sent to a collection server. The data can then be analyzed for a wide variety of information, including virus infections, DoS attacks, routing analysis and trending, etc. We typically use it for determining traffic patterns, and on occasion, for denial of service attacks. The information is stored in an off-net, hardened server, with an encrypted file system. That's sufficient for us.
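Added example, not part of the forwarded message: a minimal collector-side decoder for a NetFlow version 5 export datagram, of the kind a collection server would run, which scales the sampled byte counts by the sampling interval in the header to estimate per-destination volume. It assumes NetFlow v5 specifically (the message only suspects NetFlow or a variation); the function names and the sample datagram are constructed for illustration.

```python
import socket
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBBxx")  # 48-byte flow record

def parse_v5(datagram):
    """Decode one NetFlow v5 export datagram into (sampling_interval, flows)."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count, *_, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    interval = (sampling & 0x3FFF) or 1  # low 14 bits; 0 means no sampling
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "packets": f[5], "octets": f[6], "dport": f[10], "proto": f[12]})
    return interval, flows

def estimated_octets_by_dst(datagram):
    """Scale sampled byte counts by the sampling interval, summed per destination."""
    interval, flows = parse_v5(datagram)
    totals = Counter()
    for flow in flows:
        totals[flow["dst"]] += flow["octets"] * interval
    return totals

def build_sample():
    """Constructed datagram: 1-in-100 sampling, three flows, documentation addresses."""
    rows = [("198.51.100.7", "192.0.2.10", 40, 60000, 80, 6),
            ("198.51.100.8", "192.0.2.10", 35, 52000, 80, 6),
            ("203.0.113.5", "192.0.2.20", 3, 1800, 53, 17)]
    body = b"".join(
        RECORD.pack(socket.inet_aton(s), socket.inet_aton(d), bytes(4), 0, 0,
                    pkts, octets, 0, 0, 40000, dport, 0, proto, 0, 0, 0, 0, 0)
        for s, d, pkts, octets, dport, proto in rows)
    return HEADER.pack(5, len(rows), 0, 0, 0, 0, 0, 0, (1 << 14) | 100) + body

if __name__ == "__main__":
    for dst, octets in estimated_octets_by_dst(build_sample()).most_common():
        print(f"{dst:15} ~{octets:>12,} bytes")
```

The records carry addresses, ports, protocol and counters only, no payload, which is what a retention policy for this data has to cover.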




