
Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector



* Radu Spineanu:

> * Package name    : fprobe-ng
>   Version         : 1.0.6
>   Upstream Author : Slava Astashonok <sla@0n.ru>
> * URL             : fprobe.sourceforge.ne
> * License         : GPL
>   Description     : Export captured traffic to remote NetFlow Collector
>
>  A well-maintained alternative to fprobe. This program is a
>  libpcap-based utility which collects network traffic and
>  emits it as NetFlow towards a specified collector.

This program uses a hash table to store the active flows.  It is
vulnerable to a DoS attack, as described in "Denial of Service via
Algorithmic Complexity Attacks" by Scott A Crosby and Dan S Wallach:

  <http://www.cs.rice.edu/~scrosby/hash/>

It is possible to switch to an HMAC-style hash function that offers
some resistance against second preimage attacks, but I'd recommend
switching to some balanced tree variant.
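
The difference the message above describes, as an added example that is not part of the original e-mail or of fprobe's source: it measures the longest bucket chain for the same flows under an unkeyed and a keyed hash. The table size, `weak_hash`, the flow values and the key are constructed for illustration, and SipHash-2-4 stands in for the "HMAC-style" function.

```c
#include <stdint.h>
#include <stdio.h>

#define BUCKETS 1024u  /* assumed table size */
#define ROTL(x, b) (((x) << (b)) | ((x) >> (64 - (b))))
struct flow { uint32_t src, dst; uint16_t sport, dport; uint8_t proto; };

/* Hypothetical unkeyed hash (XOR-fold of the 5-tuple); not fprobe's actual code. */
static uint32_t weak_hash(const struct flow *f) {
    uint32_t h = f->src ^ f->dst ^ f->sport ^ f->dport ^ f->proto;
    return (h ^ (h >> 16)) % BUCKETS;
}

static void sipround(uint64_t v[4]) {
    v[0] += v[1]; v[1] = ROTL(v[1], 13); v[1] ^= v[0]; v[0] = ROTL(v[0], 32);
    v[2] += v[3]; v[3] = ROTL(v[3], 16); v[3] ^= v[2];
    v[0] += v[3]; v[3] = ROTL(v[3], 21); v[3] ^= v[0];
    v[2] += v[1]; v[1] = ROTL(v[1], 17); v[1] ^= v[2]; v[2] = ROTL(v[2], 32);
}
/* SipHash-2-4 over the tuple packed into two 64-bit words, keyed with secret k. */
static uint32_t keyed_hash(const struct flow *f, const uint64_t k[2]) {
    uint64_t m[3] = { (uint64_t)f->src << 32 | f->dst,
                      (uint64_t)f->sport << 48 | (uint64_t)f->dport << 32 | f->proto,
                      (uint64_t)16 << 56 };  /* final block: message length only */
    uint64_t v[4] = { k[0] ^ 0x736f6d6570736575ULL, k[1] ^ 0x646f72616e646f6dULL,
                      k[0] ^ 0x6c7967656e657261ULL, k[1] ^ 0x7465646279746573ULL };
    for (int i = 0; i < 3; i++) { v[3] ^= m[i]; sipround(v); sipround(v); v[0] ^= m[i]; }
    v[2] ^= 0xff;
    for (int i = 0; i < 4; i++) sipround(v);
    return (uint32_t)((v[0] ^ v[1] ^ v[2] ^ v[3]) % BUCKETS);
}

/* Longest bucket chain after inserting n flows; a lookup walks up to this many nodes. */
static unsigned longest_chain(unsigned n, int keyed, const uint64_t k[2]) {
    unsigned count[BUCKETS] = {0};
    unsigned max = 0;
    for (unsigned i = 0; i < n; i++) {
        /* Constructed flows: i is XORed into src and dst, so it cancels in weak_hash. */
        struct flow f = { 0x0a000000u ^ i, 0xc0a80000u ^ i, 53, 53, 17 };
        unsigned b = keyed ? keyed_hash(&f, k) : weak_hash(&f);
        if (++count[b] > max) max = count[b];
    }
    return max;
}

int main(void) {
    /* Constructed key; a daemon would draw it from the OS RNG at startup. */
    const uint64_t k[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };
    printf("unkeyed: %u  keyed: %u\n", longest_chain(1024, 0, k), longest_chain(1024, 1, k));
    return 0;
}
```

A balanced tree, the option the message prefers, bounds each lookup at O(log n) regardless of the keys and needs no secret.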


