[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")
coderman
coderman at gmail.com
Wed Sep 2 23:03:55 PDT 2015
On 9/2/15, Tim Sammut <tim at teamsammut.com> wrote:
> ...
> - Cisco IOS (and likely other platforms) will immediately export flows
> if the cache fills to capacity. This will result in flows being
> exported in less than inactive timeout,..
there is a second limit here, which is the netflow channel capacity /
storage limit, if you introduce simulated flows at a rate beyond this
capacity, you may become unobservable (via loss) resulting in failure
to correlate.
this is why i asked about logical injection via userspace of billions
of flows per minute as a resistance measure. (e.g. scapy or other raw
inject across a border with cooperating peer, if needed.)
best regards,
More information about the cypherpunks
mailing list