[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: UDP and data retention

To: or-talk@xxxxxxxxxxxxx
Subject: Re: UDP and data retention
From: Michael Holstein <michael.holstein@xxxxxxxxxxx>
Date: Fri, 19 Dec 2008 13:49:33 -0500
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 19 Dec 2008 13:49:15 -0500
In-reply-to: <20081219102401.GW11544@xxxxxxxxx>
References: <20081219102401.GW11544@xxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.17 (X11/20080925)

This is off-topic, but isn't UDP making data retention more difficult
than TCP/IP.


I don't see how ..

"tcpdump -s 1514 -w evidence.pcap ip proto \\udp"

is any harder than ..

"tcpdump -s 1514 -w evidence.pcap ip proto \\tcp"

Now I guess you could rig a communications "network" that dealt entirelyin header-source forged UDP packets, but as best practices dictate (notthe everybody follows them) .. one should filter egress of packets witha source address not within your netblock.


Cheers,

Michael Holstein
Cleveland State University

References:
- UDP and data retention
  - From: Eugen Leitl

Prev by Author: Re: Need help with MPAA threats
Next by Author: ICMP redirect packets
Previous by thread: Re: UDP and data retention
Next by thread: Re: Windows buffer problems
Index(es):
- Author
- Thread