Bug#285041: ITP: fprobe-ng -- Export captured traffic to remote NetFlow Collector
* Radu Spineanu:
> * Package name : fprobe-ng
> Version : 1.0.6
> Upstream Author : Slava Astashonok <sla@0n.ru>
> * URL : fprobe.sourceforge.ne
> * License : GPL
> Description : Export captured traffic to remote NetFlow Collector
>
> A well-maintained alternative to fprobe. This program is a
> libpcap-based utility which collects network traffic and
> emits it as NetFlow towards a specified collector.
This program uses a hash table to store the active flows. It is
vulnerable to a DoS attack, as described in "Denial of Service via
Algorithmic Complexity Attacks" by Scott A Crosby and Dan S Wallach:
<http://www.cs.rice.edu/~scrosby/hash/>
It is possible to switch to a HMAC-style hash function that offers
some resistance against second preimage attacks, but I'd recommend to
switch to some balanced tree variant.
Reply to: