Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector

To: Florian Weimer <fw@deneb.enyo.de>
Cc: 285041@bugs.debian.org
Subject: Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector
From: Radu Spineanu <radu@timisoara.roedu.net>
Date: Sat, 11 Dec 2004 13:52:53 +0200
Message-id: <[🔎] 41BADF95.2060803@timisoara.roedu.net>
Reply-to: Radu Spineanu <radu@timisoara.roedu.net>, 285041@bugs.debian.org
In-reply-to: <[🔎] 87zn0ljbr0.fsf@deneb.enyo.de>
References: <[🔎] E1Cchlb-0000Qh-00@spohr.debian.org> <[🔎] 87zn0ljbr0.fsf@deneb.enyo.de>

Florian Weimer wrote:

This program uses a hash table to store the active flows.  It is
vulnerable to a DoS attack, as described in "Denial of Service via
Algorithmic Complexity Attacks" by Scott A Crosby and Dan S Wallach:

  <http://www.cs.rice.edu/~scrosby/hash/>

It is possible to switch to a HMAC-style hash function that offers
some resistance against second preimage attacks, but I'd recommend to
switch to some balanced tree variant.



I have forwarded this to upstream, and will wait until a fix is made.
Thanks..

Radu

Reply to:

References:
- Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector
  - From: Radu Spineanu <radu@timisoara.roedu.net>
- Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector
Next by Date: Bug#207278: important changes
Previous by thread: Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector
Next by thread: Bug#285052: ITP: paje.app -- generic visualization tool (Gantt chart and more)
Index(es):
- Date
- Thread