View Full Version : NetFlow, anyone using it?



loosbrew
22-Jun-2007, 08:08 PM
Hello all,

I am currently configuring NetFlow on one of our routers and have been
finding some pretty interesting things. Apparently the mpac trojan is
affecting us as I am seeing up to 1 gig of incoming traffic coming from
Italian domains. Now I'm trying to localize it to which office it's
coming from so I have to configure NetFlow on multiple serial
interfaces. Not sure if I should do them one at a time or turn them all
on at once?

Anyone know anything about this?

TIA,

Luis

unsigned@ @digerati.us
22-Jun-2007, 08:18 PM
Um, I sat through a session on NetFlow last year at Networkers.


And it's still on my list of things to play with.... :(


Since I'm not sure either, the only input I have would be to make sure
you aren't near processing capacity on the routers. That will add some
decent overhead... If you have a 1760 jammed with ds1's, you might have
some issues.

Other than that, try it after business hours if you have that kind of
window. :D


loosbrew wrote:
> Hello all,
>
> I am currently configuring NetFlow on one of our routers and have been
> finding some pretty interesting things. Apparently the mpac trojan is
> affecting us as I am seeing up to 1 gig of incoming traffic coming from
> Italian domains. Now I'm trying to localize it to which office it's
> coming from so I have to configure NetFlow on multiple serial
> interfaces. Not sure if I should do them one at a time or turn them all
> on at once?
>
> Anyone know anything about this?
>
> TIA,
>
> Luis

Jay Calderwood
22-Jun-2007, 08:21 PM
unsigned@ @digerati.us,

> And it's still on my list of things to play with.... :(

*blink* Hey you will go blind.


--
Jay Calderwood
http://jaycalderwood.blogspot.com

Quote: "I'm alive... I think... Then again can it get any worse? Yes it
can...
There is this one place...really down south that starts with an 'H' and ends
with an 'L' that is really HOT..."

Lance Reynolds
22-Jun-2007, 08:23 PM
Jay Calderwood wrote:
> unsigned@ @digerati.us,
>
>> And it's still on my list of things to play with.... :(
>
> *blink* Hey you will go blind.
>
>

That's just a myth...my eyes are fine. ;-)

unsigned@ @digerati.us
22-Jun-2007, 11:17 PM
Hey now, my list of things to do isn't *that* exciting.

Jay Calderwood wrote:
> *blink* Hey you will go blind.
>
>

loosbrew
25-Jun-2007, 04:33 PM
Well, more specifically, I'm trying to figure out how to read all of
this info. I have an app that will display NetFlow info in real time,
I'm just trying to figure out what, for example, 168.1.248.0 is.
Apparently it's transferred over 1.5 gb of traffic in 10 mins. I'm
concerned about Trojans or Viri.

Thanks all,

Luis

unsigned@ @digerati.us wrote:
> Um, I sat through a session on NetFlow last year at Networkers.
>
>
> And it's still on my list of things to play with.... :(
>
>
> Since I'm not sure either, the only input I have would be to make sure
> you aren't near processing capacity on the routers. That will add some
> decent overhead... If you have a 1760 jammed with ds1's, you might have
> some issues.
>
> Other than that, try it after business hours if you have that kind of
> window. :D
>
>
> loosbrew wrote:
>> Hello all,
>>
>> I am currently configuring NetFlow on one of our routers and have been
>> finding some pretty interesting things. Apparently the mpac trojan is
>> affecting us as I am seeing up to 1 gig of incoming traffic coming
>> from Italian domains. Now I'm trying to localize it to which office
>> it's coming from so I have to configure NetFlow on multiple serial
>> interfaces. Not sure if I should do them one at a time or turn them
>> all on at once?
>>
>> Anyone know anything about this?
>>
>> TIA,
>>
>> Luis