Netflow collector that can forward flows to another collector based on various metrics.

Good morning everyone, I am looking for a Netflow collector that can forward flows based on src ip/src net dst ip/dst net to another collector in either real or near time. If it can be configured via an API that is even better than having to edit configuration files. If anyone has any

Re: Netflow collector that can forward flows to another collector based on various metrics.

I've been using samplicator for a few years for this, it can be configured to forward based on sender ip/net, but it does not have an API. I'm using it because it's small, simple and does only one thing. https://github.com/sleinen/samplicator //JH On 2021-01-21 15:39, Karsten Thomann via

Re: Netflow collector that can forward flows to another collector based on various metrics.

Hi, I don't know if pmacct has an API for it, but it can replicate netflow and also filter what it is forwarding. https://github.com/pmacct/pmacct/blob/master/QUICKSTART Beginning line 2093 Kind regards Karsten Am Donnerstag, 21. Januar 2021, 14:31:36 schrieb Drew Weaver: > Good morning

Re: DoD IP Space

> On Jan 20, 2021, at 11:10 PM, Doug Barton wrote: > > There have already been at least two lines in the sand that the IETF has > backed down from. Is it even useful for us to keep saying "IPv6 is the way > forward" any more? Oh, I could not agree more. We need IETF or other powers-that-be

Re: Netflow collector that can forward flows to another collector based on various metrics.

Plixer Replicator will do this via REST API is you are looking for a commercial solution. If you’re looking for a free solution, Samplicator will do this via config file. Neither is a “collector” as neither stores the flows. They simply forward/copy UDP streams based on a set policy. It sounds

Re: DoD IP Space

Oh, no worries.. It will never happen ;) There is reason why everyone stick to IPv4... Also, there was also nice space that could be used safely on private networks [14.0.0.0/8]. Unfortunately money needs to flow, so it was converted to normal space. Shame. Same with recent shady action w/

Re: DoD IP Space

Chris - https://search.arin.net/rdap/?query=22.0.0.0 will provide a valid phone number for technical & abuse matters. /John John Curran President and CEO American Registry for Internet Numbers On 21 Jan 2021, at 12:11 AM, John Lee mailto:jllee9...@gmail.com>> wrote: It is the DISA DOD NIC

Re: Uganda Communications Commission shutdown order

Hello folks, Wanted to chime in to say that near-realtime outage data/graphs from the IODA (Internet Outage Detection and Analysis) system, at CAIDA, UC San Diego, are publicly available. For example, the following graph shows that the outage in Uganda began at ~4:00 PM UTC on Jan 13th and

Re: Netflow collector that can forward flows to another collector based on various metrics.

You might try the SiLK offering from Carnegie-Mellon's CERT team. A netflow/sflow collector with full tool suite. Very robust, fast and free. https://tools.netsa.cert.org/silk On 1/21/2021 9:31 AM, Drew Weaver wrote: Good morning everyone, I am looking for a Netflow collector that can

Re: Netflow collector that can forward flows to another collector based on various metrics.

Speaking as the maintainer of samplicator, I'm not sure it's what Drew is looking for. Samplicator just sends copies of entire UDP packets. It doesn't understand NetFlow/IPFIX or whatever else those packets might contain. If I understand correctly, drew wants to forward some of the

Nice work Ron

https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occ upied-by-parler/ Jean St-Laurent CISSP #634103 ddosTest me security inc tel:438 806-9800 site:

Re: DoD IP Space

IPv6 doesn’t need a hard date. It is coming, slowly, but it is coming. Every data set says the same thing. It may not be coming as fast as a lot of us would want or actually think is reasonable as ISP’s are currently being forced to deploy CGNs (NAT44 and NAT64) because there are laggards that

RE: Nice work Ron

On January 21, 2021 at 12:39 nanog@nanog.org (Jean St-Laurent via NANOG) wrote: > > I feel this is a good example that a pen is mightier than a sword. In all honesty have we really given the sword a chance in these cases? -- -Barry Shein Software Tool & Die| b...@theworld.com

Re: Nice work Ron

> How many other Belize defuncts do they have? How many offshore countries like Belize are there in the region? Based on my cursory knowledge of offshore corporate registrations in Belize, Panama and the Cayman Islands, identifying those locations which are only mailboxes versus actual business

Re: DoD IP Space

>> I’m sure we all remember Y2k (well, most of us, there could be some >> young-uns on the list). That day was happening whether we wanted it to >> or not. It was an unchangeable, unmovable deadline. > > but i thought 3gpp was gong to force ipv6 adoption let me try it a different way why should

Re: DoD IP Space

Organizations I have worked with for IPv6 transition, reduced CAPex and OPex by leveraging the IT refresh cycle, and by ensuring there investment included leveraging the USGv6 ( https://www.nist.gov/programs-projects/usgv6-program) or IPv6Ready ( https://www.ipv6ready.org/) to mitigate the "We

Re: DoD IP Space

> I’m sure we all remember Y2k (well, most of us, there could be some > young-uns on the list). That day was happening whether we wanted it to > or not. It was an unchangeable, unmovable deadline. but i thought 3gpp was gong to force ipv6 adoption

Re: Nice work Ron

    Well,     FYI: I'm not getting getting this kind of vibe from him, more like of an IP Space janitor.     I'm wondering if it is a statement from Ron or the opinion of the author of the article.     Myself, I'm jealous of Ron for having the capacity of doing this kind of task =D on top

Re: Nice work Ron

"The pending disruption for DDoS-Guard and Parler comes compliments of Ron Guilmette, a researcher who has made it something of a personal mission to de-platform conspiracy theorist and far-right groups." Sounds horrible. But now that the American flag is a hate symbol not surprising. The

Re: Nice work Ron

Peace, On Thu, Jan 21, 2021, 10:20 PM Fredrik Holmqvist / I2B wrote: > Just a question "this one hosted a Web site for a terrorist > organization", which terrorist organizations web site did they host ? > "Hamas", until November. That was discussed before on the mailing list. -- Töma >

Re: DoD IP Space

That's a good one. Perhaps you don't live/work in the US and can be excused for not knowing that US corporations don't pay taxes. In many cases we subsidize them by giving tax credits to the point that the money is flowing in the opposite direction entirely. It would be hard to give them any

Re: Nice work Ron

Peace, On Thu, Jan 21, 2021, 9:29 PM Tom Beecher wrote: > am I the only one to believe that (given that LACNIC had allocated an IP >> block to a company that doesn't conform to the LACNIC policies) what we >> urgently need to see next is the complete audit of the LACNIC operations, >> so that

Re: Nice work Ron

In my recent ( last 24 months) dealings with LACNIC, they were very thorough in validating information and enforcing documentation requirements as we needed to modify some things after some corporate changes. Obviously that may not be representative of all their operations, but they were quite on

Re: Nice work Ron

> On Jan 21, 2021, at 10:16 AM, Jean St-Laurent via NANOG > wrote: > > https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/ For context, from the article: "The pending disruption for DDoS-Guard and Parler comes compliments of Ron Guilmette, a

Re: DoD IP Space

- On Jan 21, 2021, at 6:40 AM, Andy Ringsmuth a...@andyring.com wrote: Hi, > I’m sure we all remember Y2k Ah, yes. As a young IT consultant wearing a suit and tie (rofl), I upgraded many bioses in many office buildings in the months leading up to it... > I’d love to see a line in the

Re: Nice work Ron

Peace, On Thu, Jan 21, 2021, 9:57 PM Tom Beecher wrote: > fraudulent business records are used all over the world for things like > this all the time. Calling for a complete audit of LACNIC feels quite > extreme absent a pattern of issues, which doesn't seem to have been > presented. > Listen,

Re: Nice work Ron

Hi. Just a question "this one hosted a Web site for a terrorist organization", which terrorist organizations web site did they host ? --- Fredrik Holmqvist On 2021-01-21 20:11, Töma Gavrichenkov wrote: Peace, On Thu, Jan 21, 2021, 9:57 PM Tom Beecher wrote: fraudulent business records

RE: Nice work Ron

I should have probably add more content or a comment. I feel this is a good example that a pen is mightier than a sword. I am impress by what I read in this article and would definitely like to hear/read more, maybe coming from Ronald Guilmette? Thanks all Jean From: NANOG

Re: Nice work Ron

> > am I the only one to believe that (given that LACNIC had allocated an IP > block to a company that doesn't conform to the LACNIC policies) what we > urgently need to see next is the complete audit of the LACNIC operations, > so that this doesn't look like selective enforcement? > LACNIC

Re: Nice work Ron

I'll add that after reading the article, it doesn't appear that Parler was specifically targeted, just DDoS-Guard prior to becoming their new host. Deplatforming of Parler wasn't really on anyone's radar back in November when the complaint with LACNIC was filed and I'm not under the impression

Re: Nice work Ron

Peace, On Thu, Jan 21, 2021, 8:17 PM Jean St-Laurent via NANOG wrote: > > https://krebsonsecurity.com/2021/01/ddos-guard-to-forfeit-internet-space-occupied-by-parler/ > A disclaimer: - Standing for the sanity of the Internet routing; - Assuming (quite reliably) actual policy violation; -

Re: Nice work Ron

DDOS-Guard is only hosting a temporary static page for Parler, they are not hosting the full Parler application. (Source : Quote from Parler's CEO, NYT, 1/19/21, https://www.nytimes.com/2021/01/19/technology/parler-russian-company.html) On Thu, Jan 21, 2021 at 12:55 PM Matt Erculiani wrote: >