grarpamp:
> On Fri, Aug 21, 2015 at 12:30 AM, Mike Perry <mikeperry@xxxxxxxxxxxxxx> wrote:
> > I submitted a proposal to tor-dev describing a simple defense against
> > this default configuration:
> > https://lists.torproject.org/pipermail/tor-dev/2015-August/009326.html
>
> nProbe should be added to the router list, it's a very popular
> opensource IPFIX / netflow tap.
> http://www.ntop.org/products/netflow/nprobe/

While ntop is FLOSS, nProbe itself seems to be closed source. There's a
FAQ on the page about it. As such, I was only able to discover that its
default inactive/idle timeout is 30s. I couldn't find a range.

> For those into researching other flow capabilities...
> There are also some probes in OS kernels and
> some other opensource taps, they're not as well known
> or utilized as nProbe.
> Other large hardware vendors include Brocade, Avaya,
> Huawei, and Alcatel-Lucent.

Out of all of these, I was only able to find info on Alcatel-Lucent. It
uses cflowd, which appears to be a common subcomponent. Its timeout
ranges are the same as Cisco IOS.

What I really need now is any examples of common routers that have a
default inactive/idle timeout below 10s, or allow you to set it below
10s. So far I have not found any.

> Lots of SDN and monitoring projects can plug in
> with gear like this, because, FTW...
>
> http://telesoft-technologies.com/technologies/mpac-ip-7200-dual-100g-ethernet-accelerator-card
> http://www.hitechglobal.com/IPCores/100GigEthernet-MAC-PCS.htm
> http://www.napatech.com/sites/default/files/dn-0820_nt100e3-1-ptp_data_sheet_3.pdf
> https://www.cesnet.cz/wp-content/uploads/2015/01/hanic-100g.pdf
> http://www.ndsl.kaist.edu/~kyoungsoo/papers/2010-lanman-100Gbps.pdf
> http://info.iet.unipi.it/~luigi/netmap/

I think these devices are wandering into the "adversarial admin"
territory (see section 3 of the proposal). I want to focus on the case
where the adversary demands/sniffs/exploits routers likely to be
installed in most networks.

-- 
Mike Perry
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays