Security Incidents mailing list archives
RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly
From: Jose Nazario <jose () monkey org>
Date: Tue, 11 Apr 2006 21:53:07 -0400 (EDT)
this may sound really too basic, but it strikes me that you're quite possibly seeing a flow decode bug shifting some fields and giving you bad data. ("think horses, not zebras" and occam's razor ...) are you sure the flow coming out of that device is formed as your flow decode tools expect it to be? feel free to contact me off-list, i work for a ocmpany that does boatloads of flow processing and may be able to help you out, as well. ________ jose nazario, ph.d. jose () monkey org http://monkey.org/~jose/ http://infosecdaily.net/ http://www.wormblog.com/
Current thread:
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly Pierre, Jean-Raymond (Apr 10)
- Message not available
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly AJ Cochenour (Apr 11)
- Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly Stef (Apr 11)
- Re: Bogon IPs traffic only seen by netflow, confined within a VLANonly Roland Dobbins (Apr 11)
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly Jose Nazario (Apr 11)
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly AJ Cochenour (Apr 11)
- Message not available
- <Possible follow-ups>
- RE: Bogon IPs traffic only seen by netflow, confined within a VLANonly Nyuk Loong Kiw (Apr 11)