FlowopInformation

From CSRRT-LU

Table of contents

1 The flowop list 2 Why another list about NetFlow and alike ? 3 Who can subscribe to the list ? 4 References/Link 5 NetFlow records structure 6 Exporting NetFlow records 7 Netflow and relational database schema 8 Bi-directional flows 9 Papers 10 On-going research

The flowop list

http://www.csrrt.org.lu/mailman/listinfo/flowop

Why another list about NetFlow and alike ?

We created a mailing list, flowop (http://www.csrrt.org.lu/mailman/listinfo/flowop), to discuss generic issues regarding NetFlow - we felt that, while there is numerous netflow lists dedicated to a particular collector / technology, there is no catch-all list to discuss general issues such as analysis, aggregation and so on.

• Archives: http://www.csrrt.org.lu/pipermail/flowop/

Who can subscribe to the list ?

Everybody is welcomed to subscribe to the flowop list. The only important thing is to keep the right topic...

References/Link

• http://www.switch.ch/tf-tant/floma/software.html - FloMA list including free and proprietary netflow technologies
• Some Cisco presentations: http://www.cisco.com/en/US/products/ps6601/prod_presentation_list.html
  • Among which NetFlow for Accounting, Analysis, and Attack (http://www.cisco.com/application/pdf/en/us/guest/products/ps6601/c1161/cdccont_0900aecd80311f60.pdf)

NetFlow records structure

• Flowop/FlowStruct

Exporting NetFlow records

• Flowop/Exporters Configuration of various NetFlow exporters

Netflow and relational database schema

• Flowop/DBDiscuss Discussion about existing and maybe future database schema for netflow data

Bi-directional flows

• Flowop/BiFlows

Papers

• Flowop/Papers Links to papers on NetFlow

On-going research

• Fingerprinting software (Worms, malware, ...) with netflow-like technology FlowopFingerprinting