On 20/01/16 12:06, Stuart Henderson wrote:

It reads like something that might be put together by someone whose
only experience of internet logging data has come from a web proxy.

At one record per UDP packet of attack traffic, logging systems are
going to be rather busy at times. What is supposed to happen when
they can't cope?



From the definition you refer to, "Internet Connection Records is a record of the internet services a specific device is /connected/ to"

So surely as a "connectionless" protocol, we don't have to bother recording UDP? ;-)

Seriously though, does a single UDP packet count as a connection? Or a unidirectional flow? The terminology they are using, such as 'connection', 'session', 'service being accessed' all implies to me some sort of successful two way handshake or flow of data.

Regards,
Ben.
--
Ben McKeegan
Netservers Limited

