netflow in the core used for surveillance

Christopher Morrow morrowc.lists at
Wed Aug 25 21:49:51 UTC 2021

On Wed, Aug 25, 2021 at 5:39 PM Aaron Wendel <aaron at>

> You don't know that I don't know that.
some probably do? you don't know which though?

I think, though, that part of the problem the article does not point out is:
  1) I run a network
  2) I need (for reasons) netflow data and analysis
  3) I can't do that myself <reasons>
  4) several companies put hands up:
      "I can do that for you, costs $X/month and I have a nice dashboard! with graphs!"

ok, so I bought that... and for another slice of product the company providing ALSO provides 'threat intelligence' or other things, based on my netflow and yours and hers...

It's unclear to me that (if done properly) the data shown to me about 'threats' (or whatever):
  is not a conglomeration of all other customers of <fancy graph provider> (FGP) netflow data...
  is not available to internal tools of FGP, and internal users at FGP.
  is not being made available from FGP to <others> for money OR for 'good'.

I don't think it's a surprise to anyone that netflow stitched together can reveal a lot about what's going on on your network, including: "who uses vpn service X?" or "vpn user X is possibly browsing site Y" etc...

> On 8/25/2021 4:32 PM, Paul Ebersman wrote:
> > randy>
> >
> > randy> at&t, comcast, ... zayo, please tell us you do not do this.
> >
> >
> > aaron> You know they do.
> >
> > No, you don't know that.
> >
> > The above all certainly collect this info. Not all sell it to anyone who
> > asks.