    Netflow record collapsing defense. · b0e92634
    Mike Perry authored and Nick Mathewson committed
    This defense will cause Cisco, Juniper, Fortinet, and other routers operating
    in the default configuration to collapse netflow records that would normally
    be split due to the 15 second flow idle timeout.
    
    Collapsing these records should greatly reduce the utility of default netflow
    data for correlation attacks, since all client-side records should become 30
    minute chunks of total bytes sent/received, rather than creating multiple
    separate records for every webpage load/ssh command interaction/XMPP chat/whatever
    else happens to be inactive for more than 15 seconds.
    
    The defense adds consensus parameters to govern the range of timeout values
    for sending padding packets, as well as for keeping connections open.
    
    The defense only sends padding when connections are otherwise inactive, and it
    does not pad connections used solely for directory traffic at all. By default
    it also doesn't pad inter-relay connections.
    
    Statistics on the total padding in the last 24 hours are exported to the
    extra-info descriptors.
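As an added illustration, not code from this commit or from Tor, the following simulation shows how an exporter with a 15 second idle timeout splits one connection into many records, and how padding sent only while the connection is idle keeps them collapsed. The 1.5 to 9.5 second padding timer range, the 30 minute active timeout and the browsing trace are assumptions constructed for the example.

```python
import random

IDLE_TIMEOUT = 15.0      # seconds; default flow idle timeout named in the commit message
ACTIVE_TIMEOUT = 1800.0  # seconds; 30-minute active timeout (assumed value for the example)


def count_flow_records(packet_times, idle_timeout=IDLE_TIMEOUT,
                       active_timeout=ACTIVE_TIMEOUT):
    """Number of flow records an exporter with these timeouts would emit
    for one connection, given the times (seconds) at which it saw packets."""
    times = sorted(packet_times)
    if not times:
        return 0
    records, flow_start, last_seen = 1, times[0], times[0]
    for t in times[1:]:
        # A record is closed when the flow sat idle longer than idle_timeout
        # or has lived longer than active_timeout; a new record then starts.
        if t - last_seen > idle_timeout or t - flow_start >= active_timeout:
            records += 1
            flow_start = t
        last_seen = t
    return records


def add_idle_padding(packet_times, low, high, rng, close_time=None):
    """Return (all packet times, padding count) after inserting one padding
    packet each time the connection has been idle for a random interval drawn
    from [low, high] seconds. Padding is only sent while no real traffic is
    flowing, and stops once the connection closes (default: last real packet)."""
    real = sorted(packet_times)
    close_time = real[-1] if close_time is None else close_time
    out, padding, last_activity, i = [real[0]], 0, real[0], 1
    while True:
        deadline = last_activity + rng.uniform(low, high)
        if i < len(real) and real[i] <= deadline:
            last_activity = real[i]       # real traffic arrived first: no padding needed
            out.append(last_activity)
            i += 1
        elif deadline < close_time:
            last_activity = deadline      # idle past the timer: send a padding packet
            out.append(deadline)
            padding += 1
        else:
            out.extend(real[i:])          # connection closed; nothing left to pad
            return out, padding


# Constructed trace: ten short bursts of real traffic one minute apart, so every
# gap (~58 s) exceeds the 15 s idle timeout and would normally split the flow.
BROWSING_TRACE = [60 * k + d for k in range(10) for d in (0.0, 0.5, 1.2, 2.0)]


def demo(seed=1):
    """Records for the trace without padding, with padding, and padding packets sent."""
    padded, n_pad = add_idle_padding(BROWSING_TRACE, 1.5, 9.5, random.Random(seed))
    return count_flow_records(BROWSING_TRACE), count_flow_records(padded), n_pad
```

Because the padding timer never exceeds 9.5 s, no gap reaches the 15 s idle timeout and the ten bursts become a single record; the active timeout still closes a record every 30 minutes, which is the "30 minute chunk" the message describes.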