netflow in the core used for surveillance

Stephen Fulton sf at
Wed Aug 25 22:24:27 UTC 2021


It is quite possible that some are simply the victim of their own 
ignorance.  I know of an ISP where one of their last-mile hardware 
vendors was pushing hard to get junior technical staff and senior 
non-technical staff to agree to share netflow data.  When senior 
technical staff found out, they told the vendor that they would not 
share the data and to stop.  The vendor persisted.  After probing to 
find out what vendor was used in the core & peering parts of the ISP's 
network, one of the vendor's staff kindly provided netflow configuration 
to the junior technical staff, along with specific instructions to apply 
it to their transit/peering ports.  The destination of the flows was a 
server under the complete control of the vendor, not the ISP.  This was 
brought to the attention of senior technical staff and you can guess 
what happened.

The vendor is not one of the majors, they are still relatively young.  I 
won't share the name on the list.

-- Stephen

On 2021-08-25 17:13, Randy Bush wrote:
> used to get dissidents, activists, and journos killed
> at&t, comcast, ... zayo, please tell us you do not do this.
> randy

More information about the NANOG mailing list