On Thu, Sep 3, 2015 at 2:03 AM, coderman <coder...@gmail.com> wrote: > there is a second limit here, which is the netflow channel capacity / > storage limit, if you introduce simulated flows at a rate beyond this > capacity, you may become unobservable (via loss) resulting in failure > to correlate.
I've seen ISP saturate their own backbone with netflow during nice UDP DoS, collectors had to be hung off local router ports after that. > this is why i asked about logical injection via userspace of billions > of flows per minute as a resistance measure. (e.g. scapy or other raw > inject across a border with cooperating peer, if needed.) If the collector is not protected you can inject bogus flows, implicate your neighbor and fill disks. _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays