[tor-relays] clarification on what Utah State University exit relays store ("360 gigs of log files")

[coderman@gmail.com (coderman)]

On 9/2/15, Tim Sammut <tim@teamsammut.com> wrote:
> ...
>  - Cisco IOS (and likely other platforms) will immediately export flows
>    if the cache fills to capacity. This will result in flows being
>    exported in less than inactive timeout,..

there is a second limit here, which is the netflow channel capacity /
storage limit, if you introduce simulated flows at a rate beyond this
capacity, you may become unobservable (via loss) resulting in failure
to correlate.

this is why i asked about logical injection via userspace of billions
of flows per minute as a resistance measure. (e.g. scapy or other raw
inject across a border with cooperating peer, if needed.)


best regards,