Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Cisco NetFlow Agent Detection

Info

Synopsis

The remote host is running a Cisco NetFlow Agent.

Description

The remote host is running a Cisco NetFlow Agent. NetFlow is a UDP protocol which sends sniffed traffic from a Cisco device to a Cisco collector device. By using NetFlow, companies do not need to deploy 'taps' or utilize span (or mirror) ports. Instead, the NetFlow agent bundles the sniffed traffic into a UDP packet and forwards to the collector.

Solution

As the NetFlow traffic is passed in plaintext, ensure that NetFlow traffic does not traverse any untrusted networks.