Death of the Internet, Film at 11

• Previous message (by thread): Death of the Internet, Film at 11
• Next message (by thread): Death of the Internet, Film at 11
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Clinton,


On 10/23/2016 8:12 AM, clinton mielke wrote:
>
> My question for you guys, since Im a theoretician and not a seasoned
> operator: how feasible or legal is it to find telnet scanning activity or
> any of these passwords in high-bandwidth netflows? If its feasible, then
> this at least gets you the active scanning population of hosts, along with
> the IPs of all of their victims.

If there is enough concentration of common flows from a certain set of 
IPs, it's quite possible to detect the scanning activity using sampled 
flow data if one were collecting such data.  I say sampled as 1-for-1 
flow data collection is not common.

You would not see packet content just using flow data.

regards,

Victor K

• Previous message (by thread): Death of the Internet, Film at 11
• Next message (by thread): Death of the Internet, Film at 11
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]