netflow in the core used for surveillance
Stephen Fulton
sf at lists.esoteric.ca
Wed Aug 25 22:24:27 UTC 2021

Randy,

It is quite possible that some are simply the victim of their own
ignorance. I know of an ISP where one of their last-mile hardware
vendors was pushing hard to get junior technical staff and senior
non-technical staff to agree to share netflow data. When senior
technical staff found out, they told the vendor that they would not
share the data and to stop. The vendor persisted. After probing to
find out what vendor was used in the core & peering parts of the ISP's
network, one of the vendor's staff kindly provided netflow configuration
to the junior technical staff, along with specific instructions to apply
it to their transit/peering ports. The destination of the flows was a
server under the complete control of the vendor, not the ISP. This was
brought to the attention of senior technical staff and you can guess
what happened.

The vendor is not one of the majors; they are still relatively young. I
won't share the name on the list.

-- Stephen

On 2021-08-25 17:13, Randy Bush wrote:
> https://www.vice.com/en/article/jg84yy/data-brokers-netflow-data-team-cymru
>
> used to get dissidents, activists, and journos killed
>
> at&t, comcast, ... zayo, please tell us you do not do this.
>
> randy
>