Security Applications of cflowd
Link-layer Tracing with cflowd
NetFlow output contains the next-hop router in addition to the SRC/DST
IP addresses.
Given a cflowd server-to-router map, query and
recursively trace through previous-hop routers.
Denial-of-service tracing:
- forged-source DoS attacks (remember, metrics can be persistent)
- Yes, there is the issue of inter-realm trust. It's workable
on a small scale. Others are working on the generic, scalable
solutions.
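
The recursive previous-hop trace described above, as an added example that is not part of the original slides and not cflowd's own code or API. All router names, addresses, server names and flow records are constructed, and the tuple layout (src, dst, next_hop, packets) is an assumed simplification of a NetFlow record.

```python
# Constructed sample data (assumed names and addresses, not from a real network).
ROUTER_ADDR = {"edge-v": "10.0.0.1", "core-1": "10.0.0.2", "core-2": "10.0.0.3",
               "peer-a": "10.0.0.4", "peer-b": "10.0.0.5"}
# The cflowd server-to-router map, stored here as router -> collecting server.
SERVER_FOR = {"edge-v": "cflowd-1", "core-1": "cflowd-1", "core-2": "cflowd-1",
              "peer-a": "cflowd-2", "peer-b": "cflowd-2"}
VICTIM = "192.0.2.80"
SPOOFED, LEGIT = "203.0.113.9", "198.51.100.20"
# Flow records per server and router: (src, dst, next_hop, packets).
FLOWS = {
    "cflowd-1": {
        "edge-v": [(SPOOFED, VICTIM, VICTIM, 90000), (LEGIT, VICTIM, VICTIM, 40)],
        "core-1": [(SPOOFED, VICTIM, "10.0.0.1", 90000)],
        "core-2": [(LEGIT, VICTIM, "10.0.0.1", 40)],
    },
    "cflowd-2": {
        "peer-a": [(SPOOFED, VICTIM, "10.0.0.2", 90000)],
        "peer-b": [(LEGIT, VICTIM, "10.0.0.3", 40)],
    },
}

def query(router, dst, min_packets):
    """Ask the server that collects from `router` for heavy flows toward dst."""
    records = FLOWS.get(SERVER_FOR[router], {}).get(router, [])
    return [r for r in records if r[1] == dst and r[3] >= min_packets]

def previous_hops(router, dst, min_packets):
    """Routers whose heavy flows toward dst name `router` as their next hop."""
    addr = ROUTER_ADDR[router]
    return sorted(up for up in ROUTER_ADDR if up != router
                  and any(r[2] == addr for r in query(up, dst, min_packets)))

def trace(router, dst, min_packets=10000, path=()):
    """Walk upstream from `router`; return every path, ending at an ingress."""
    path = path + (router,)
    # The source address is never consulted: it is forged, so only the
    # destination and the recorded next hop are used to follow the traffic.
    upstream = [u for u in previous_hops(router, dst, min_packets) if u not in path]
    if not upstream:
        return [path]          # no router forwards to us: traffic entered here
    paths = []
    for up in upstream:
        paths.extend(trace(up, dst, min_packets, path))
    return paths

if __name__ == "__main__":
    for p in trace("edge-v", VICTIM):
        print(" <- ".join(p))
```

The trace stops at the last router for which flow data is available, which is where the inter-realm trust issue noted above begins.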