Death of the Internet, Film at 11
victor at jvknet.com
Sun Oct 23 14:34:50 UTC 2016
On 10/23/2016 8:12 AM, clinton mielke wrote:
> My question for you guys, since Im a theoretician and not a seasoned
> operator: how feasible or legal is it to find telnet scanning activity or
> any of these passwords in high-bandwidth netflows? If its feasible, then
> this at least gets you the active scanning population of hosts, along with
> the IPs of all of their victims.
If there is enough concentration of common flows from a certain set of
IPs, it's quite possible to detect the scanning activity using sampled
flow data if one were collecting such data. I say sampled as 1-for-1
flow data collection is not common.
You would not see packet content just using flow data.
More information about the NANOG