nanog mailing list archives
Re: netflow in the core used for surveillance
From: Christopher Morrow <morrowc.lists () gmail com>
Date: Wed, 25 Aug 2021 17:49:51 -0400
On Wed, Aug 25, 2021 at 5:39 PM Aaron Wendel <aaron () wholesaleinternet net> wrote:
You don't know that I don't know that.
some probably do? you don't know which though? I think, though, that part of the problem the article does not point out is: 1) I run a network 2) I need (for reasons) netflow data and analysis 3) I can't do that my self <reasons> 4) several companies put hands up: "I can do that for you, costs $X/month and I have a nice dashboard! with graphs!" ok, so I bought that... and for another slice of product the company providing ALSO provides 'threat intelligence' or other things, based on my netflow and yours and hers... It's unclear to me that (if done properly) the data shown to me about 'threats' (or whatever): is not a conglomeration of all other customers of <fancy graph provider> (FGP) netflow data... is not available to internal tools of FGP, and internal users at FGP. is not being made available from FGP to <others> for money OR for 'good'. I don't think it's a surprise to anyone that netflow stitched together can reveal a lot about what's going on on your network, including: "who uses vpn service X?" or "vpn user X is possibly browsing site Y" etc...
On 8/25/2021 4:32 PM, Paul Ebersman wrote:randy>https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymrurandy> at&t, comcast, ... zayo, please tell us you do not do this. aaron> You know they do. No, you don't know that. The above all certainly collect this info. Not all sell it to anyone who asks.
Current thread:
- netflow in the core used for surveillance Randy Bush (Aug 25)
- Re: netflow in the core used for surveillance Brandon Svec via NANOG (Aug 25)
- Re: netflow in the core used for surveillance Aaron Wendel (Aug 25)
- Re: netflow in the core used for surveillance Paul Ebersman (Aug 25)
- Re: netflow in the core used for surveillance Aaron Wendel (Aug 25)
- Re: netflow in the core used for surveillance Christopher Morrow (Aug 25)
- Re: netflow in the core used for surveillance Matt Harris (Aug 25)
- Re: netflow in the core used for surveillance Paul Ebersman (Aug 25)
- Re: netflow in the core used for surveillance Stephen Fulton (Aug 25)
- Re: netflow in the core used for surveillance jim deleskie (Aug 25)
- Re: netflow in the core used for surveillance Tom Beecher (Aug 25)
- Re: netflow in the core used for surveillance scott (Aug 25)
- Re: netflow in the core used for surveillance J. Hellenthal via NANOG (Aug 25)
- Re: netflow in the core used for surveillance Hank Nussbacher (Aug 25)
- Re: netflow in the core used for surveillance Mark Tinka (Aug 25)
- <Possible follow-ups>
- Re: netflow in the core used for surveillance Avi Freedman (Aug 30)