Death of the Internet, Film at 11

Victor Kuarsingh victor at
Sun Oct 23 14:34:50 UTC 2016


On 10/23/2016 8:12 AM, clinton mielke wrote:
> My question for you guys, since I'm a theoretician and not a seasoned
> operator: how feasible or legal is it to find telnet scanning activity or
> any of these passwords in high-bandwidth netflows? If it's feasible, then
> this at least gets you the active scanning population of hosts, along with
> the IPs of all of their victims.

If there is enough concentration of common flows from a certain set of 
IPs, it's quite possible to detect the scanning activity using sampled 
flow data if one were collecting such data.  I say sampled as 1-for-1 
flow data collection is not common.

You would not see packet content just using flow data.


Victor K
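
An added example, not part of the original message: one way to flag telnet scanning sources from sampled flow records by counting distinct TCP/23 destinations per source. The record layout, the 1-in-1000 sampling rate, the thresholds and the addresses (documentation ranges) are all assumptions made for illustration.

```python
from collections import defaultdict

SAMPLING_RATE = 1000    # assumed 1-in-1000 packet sampling
MIN_DISTINCT_DSTS = 5   # assumed: sampled distinct targets needed to flag a source
MIN_SYN_ONLY_RATIO = 0.8  # assumed: share of flows that never got past the SYN

# Constructed sample records: (src, dst, ip_proto, dst_port, tcp_flags, sampled_packets)
FLOWS = (
    # one source touching many hosts on tcp/23 with SYN-only flows
    [("198.51.100.7", f"203.0.113.{i}", 6, 23, "S", 1) for i in range(1, 9)]
    # an ordinary telnet session: one destination, full handshake and data
    + [("192.0.2.10", "203.0.113.50", 6, 23, "SAPF", 40)] * 3
    # many destinations, but not telnet
    + [("192.0.2.20", f"203.0.113.{i}", 6, 443, "SAPF", 12) for i in range(1, 9)]
)

def find_telnet_scanners(flows, min_dsts=MIN_DISTINCT_DSTS, rate=SAMPLING_RATE):
    """Return {src: {"targets": [...], "est_packets": n}} for likely scanners.

    Works on flow metadata only: there is no payload in a flow record,
    so credentials sent inside the sessions are not visible here.
    """
    targets = defaultdict(set)
    flow_count = defaultdict(int)
    syn_only = defaultdict(int)
    packets = defaultdict(int)
    for src, dst, proto, dport, flags, pkts in flows:
        if proto != 6 or dport != 23:
            continue
        targets[src].add(dst)
        flow_count[src] += 1
        packets[src] += pkts
        if flags == "S":
            syn_only[src] += 1
    scanners = {}
    for src, dsts in targets.items():
        ratio = syn_only[src] / flow_count[src]
        if len(dsts) >= min_dsts and ratio >= MIN_SYN_ONLY_RATIO:
            # Scale sampled packets back up to a rough estimate of real volume.
            scanners[src] = {"targets": sorted(dsts),
                             "est_packets": packets[src] * rate}
    return scanners

if __name__ == "__main__":
    for src, info in find_telnet_scanners(FLOWS).items():
        print(src, len(info["targets"]), "targets,", info["est_packets"], "est. packets")
```

Because the input is sampled, only sources sending enough traffic to show up repeatedly in the samples will cross the threshold; low-rate scanners are missed.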

More information about the NANOG mailing list