* Radu Spineanu: > * Package name : fprobe-ng > Version : 1.0.6 > Upstream Author : Slava Astashonok <[EMAIL PROTECTED]> > * URL : fprobe.sourceforge.ne > * License : GPL > Description : Export captured traffic to remote NetFlow Collector > > A well-maintained alternative to fprobe. This program is a > libpcap-based utility which collects network traffic and > emits it as NetFlow towards a specified collector.
This program uses a hash table to store the active flows. It is vulnerable to a DoS attack, as described in "Denial of Service via Algorithmic Complexity Attacks" by Scott A Crosby and Dan S Wallach: <http://www.cs.rice.edu/~scrosby/hash/> It is possible to switch to a HMAC-style hash function that offers some resistance against second preimage attacks, but I'd recommend to switch to some balanced tree variant.
