[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")

[grarpamp]

On Thu, Sep 3, 2015 at 2:03 AM, coderman <coderman at gmail.com> wrote:
> there is a second limit here, which is the netflow channel capacity /
> storage limit, if you introduce simulated flows at a rate beyond this
> capacity, you may become unobservable (via loss) resulting in failure
> to correlate.

I've seen ISP saturate their own backbone with netflow during nice
UDP DoS, collectors had to be hung off local router ports after that.

> this is why i asked about logical injection via userspace of billions
> of flows per minute as a resistance measure. (e.g. scapy or other raw
> inject across a border with cooperating peer, if needed.)

If the collector is not protected you can inject bogus flows,
implicate your neighbor and fill disks.