North American Network Operators Group


Re: Some abuse detection hacks ...

  • From: prue
  • Date: Mon Mar 09 15:22:20 1998
  • Posted-date: Mon, 9 Mar 1998 12:15:14 -0800

Avi Freedman's post with a perl script to look for network abuses a
while back got me to thinking that a C program could be written to do
what his scripts do in near real time, continuously, if desired.

It is possible to get Cisco routers to dump netflow data records to a
host.  I modified a Cisco demonstration program called fdget.c to look
at the netflow data records and search for illegitimate default pointing
or transit routing from unauthorized source AS's to unauthorized
destination AS's.  I have made this program available via anonymous ftp
(not a URL) on in subdirectory mon.  This directory is
blind.  You must know what files you wish to retrieve by exact name.

The files of interest are:


I hope that you find them useful.

My thanks go to Cisco for letting me distribute this program even though most
of the code was written by Cisco.  So keep in mind any bugs are mine.

Walt Prue
Los Nettos
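
The check described in the message above, sketched as an added example; it is not the posted program or Cisco's fdget.c. It assumes the NetFlow version 5 export layout (the post does not name a version) and an assumed policy that a flow is unauthorized transit when neither its source AS nor its destination AS is on the authorized list; all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define NF5_HDR_LEN 24   /* NetFlow v5 export header length (assumed format) */
#define NF5_REC_LEN 48   /* length of one v5 flow record */
#define NF5_MAX_REC 30   /* a v5 datagram carries at most 30 records */

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static int as_allowed(uint16_t as, const uint16_t *list, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (list[i] == as) return 1;
    return 0;
}

/* Returns the number of flows whose source AND destination AS are both outside
 * the authorized list (assumed policy), or -1 for a malformed datagram. */
int count_unauthorized_transit(const uint8_t *pkt, size_t len,
                               const uint16_t *allowed, size_t n_allowed) {
    if (len < NF5_HDR_LEN || rd16(pkt) != 5) return -1;      /* not v5 */
    size_t count = rd16(pkt + 2);
    if (count == 0 || count > NF5_MAX_REC) return -1;
    if (len < NF5_HDR_LEN + count * NF5_REC_LEN) return -1;  /* truncated */
    int hits = 0;
    for (size_t i = 0; i < count; i++) {
        const uint8_t *rec = pkt + NF5_HDR_LEN + i * NF5_REC_LEN;
        uint16_t src_as = rd16(rec + 40), dst_as = rd16(rec + 42);
        if (!as_allowed(src_as, allowed, n_allowed) &&
            !as_allowed(dst_as, allowed, n_allowed))
            hits++;
    }
    return hits;
}

/* Constructed sample input: builds a v5 datagram holding the given AS pairs. */
size_t build_sample(uint8_t *buf, const uint16_t (*pairs)[2], uint16_t count) {
    size_t len = NF5_HDR_LEN + (size_t)count * NF5_REC_LEN;
    memset(buf, 0, len);
    buf[1] = 5;                                    /* version field = 5 */
    buf[2] = (uint8_t)(count >> 8); buf[3] = (uint8_t)(count & 0xff);
    for (uint16_t i = 0; i < count; i++) {
        uint8_t *rec = buf + NF5_HDR_LEN + (size_t)i * NF5_REC_LEN;
        rec[40] = (uint8_t)(pairs[i][0] >> 8); rec[41] = (uint8_t)(pairs[i][0] & 0xff);
        rec[42] = (uint8_t)(pairs[i][1] >> 8); rec[43] = (uint8_t)(pairs[i][1] & 0xff);
    }
    return len;
}
```

In use, the buffer would come from a UDP socket receiving the router's export datagrams, and the authorized list would hold the operator's own and customer AS numbers.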