[27223] in North American Network Operators' Group
Re: Yahoo! Lessons Learned
daemon@ATHENA.MIT.EDU (brett watson)
Thu Feb 10 03:27:58 2000
Message-Id: <200002100817.AAA23545@ug.mibh.net>
To: Wayne Bouchard <web@typo.org>
Cc: rmeyer@mhsc.com (Roeland M.J. Meyer),
sean@donelan.com (Sean Donelan), nanog@merit.edu
In-reply-to: Your message of "Wed, 09 Feb 2000 23:11:40 MST."
<200002100611.XAA69248@typo.org>
Date: Thu, 10 Feb 2000 00:17:28 -0800
From: brett watson <bwatson@mibh.net>
Errors-To: owner-nanog-outgoing@merit.edu
>
> > > And finally, would they be more successfull in tracking the source the
> > > the problem by doing something different?
>
> So thats another interesting question.. How do you go about doing a
> packet trace on routers passing giabits of traffic every second
> without killing the router/network and actually get usefull
> information out of it?
passive monitoring. we don't have anything yet to run at oc-x speed
(pos) but caida is working on several versions of passive monitors and
at least one commercial vendor is working on one (ip capable).
there was talk in the caida member meeting at nanog of doing some
security bits in some of their software, and i don't remember for sure
but i think someone mentioned security with respect to the passive
monitors.
if we installed passive monitors on IX links between providers, we
might be able to do some interesting security traces.
-brett
