I was in the process of selecting a netflow viewer -- most of them are web-based -- when it occurred to me that someone using it could discover every connection that someone has made through the amprgw router.
The flow data records source and destination address and ports, how much traffic was transferred, the time of day, and how long the connection lasted. Every flow record is about 50 bytes of data, and there can easily be a hundred of them per second. In aggregate, it's a lot of data.
And it has privacy implications.
I was originally considering making an interactive netflow inquiry tool available on the gateways section of the gw.ampr.org website so gateway operators could see what traffic their AMPRNet router is handling. But because there's no way to restrict it so that someone could only view flows involving their own endpoint or subnet, I think it's too much information to be made freely available for people to browse. And there is the consideration that inquiries could wind up presenting a significant load on the system.
I think that presenting anonymized aggregate data wouldn't be a problem, so I'm going to look into that. Probably some traffic density graphs would be ok. And I'm willing, once the tools are installed and working, to make extracts of the data for a gateway operator who is having a problem with his traffic flow.
What's people's opinion of this? - Brian
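A sketch of the two approaches Brian describes above, a per-operator extract limited to the operator's own endpoint or subnet, and anonymized aggregates suitable for traffic density graphs. This is an added illustration, not code from the thread or from amprgw; the flow records, the field layout and the 44.0.0.0/8 prefix check are constructed assumptions.

```python
# Added example, not from the 44Net thread: toy flow records constructed inline,
# shaped after the fields Brian lists (addresses, ports, bytes, time, duration).
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_address, ip_network

# Assumption: in 2017 the whole of 44/8 is AMPRNet space.
AMPR = ip_network("44.0.0.0/8")

# Constructed sample flows: (start, src, sport, dst, dport, bytes, duration_s).
# Non-44 addresses are RFC 5737 documentation ranges.
FLOWS = [
    ("2017-05-22T18:00:05", "44.1.2.3", 40000, "198.51.100.7", 443, 5200, 12.0),
    ("2017-05-22T18:00:40", "44.1.2.9", 52000, "203.0.113.5", 80, 800, 1.5),
    ("2017-05-22T18:01:10", "203.0.113.5", 33000, "44.9.8.7", 22, 30000, 90.0),
    ("2017-05-22T18:02:30", "192.0.2.10", 1234, "44.1.2.3", 8080, 400, 0.3),
]

def flows_for_subnet(flows, subnet):
    """Per-operator extract: keep only flows with one end inside the operator's
    own subnet. This is the restriction a generic web viewer would not apply,
    so it belongs in the tool that hands out extracts, not in a public viewer."""
    net = ip_network(subnet)
    return [f for f in flows
            if ip_address(f[1]) in net or ip_address(f[3]) in net]

def traffic_density(flows, bucket_s=60):
    """Anonymized aggregate for a density graph: flow count and byte total per
    time bucket. Addresses, ports and durations are dropped, so no party is
    identifiable. Buckets are keyed by date and HH:MM of the bucket start."""
    buckets = defaultdict(lambda: [0, 0])
    for start, _src, _sp, _dst, _dp, nbytes, _dur in flows:
        dt = datetime.fromisoformat(start)
        secs = dt.hour * 3600 + dt.minute * 60 + dt.second
        secs -= secs % bucket_s
        key = f"{dt.date()} {secs // 3600:02d}:{secs % 3600 // 60:02d}"
        buckets[key][0] += 1
        buckets[key][1] += nbytes
    return {k: tuple(v) for k, v in sorted(buckets.items())}

def bytes_by_prefix(flows, prefix_len=16):
    """Coarser aggregate: bytes per AMPRNet block at prefix_len, with the
    remote (non-44) side discarded entirely rather than merely truncated."""
    totals = defaultdict(int)
    for _t, src, _sp, dst, _dp, nbytes, _dur in flows:
        for addr in (src, dst):
            if ip_address(addr) in AMPR:
                block = ip_network(f"{addr}/{prefix_len}", strict=False)
                totals[str(block)] += nbytes
    return dict(totals)
```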
If it's only traffic on 44net, I would argue there is no expectation of privacy to begin with, since it's only supposed to be Amateur Radio related traffic.
It may even be a deterrent to people who are just fishing for IPv4 address space and have nothing to do with the AMPRnet.
But, the "expectation of privacy" standard is very US specific, and this is a global allocation. Perhaps erring on the side of caution and only providing aggregate data is best.
Neill
On May 22, 2017, at 6:11 PM, Brian Kantor Brian@UCSD.Edu wrote:
Brian,
I was curious about this...the Amateur 44 network is known as "what it is" by whitepaper...I assume that's why so many people scan it, write our IPs in hard code, and spoof our addresses...I always had a general assumption that any packet could end up on a licensed radio data network.
For us, that's fine, I place warnings in most places that you've entered 'AMPRNET' and connections are being monitored.
...$0.02
- KB3VWG
It seems to me that the specific data about traffic through specific stations is no one else's business but the station owner. Put another way, there's no reason why I need to know about anyone else's station traffic. But aggregated stats are nice.
Michael N6MEF
I think that as long as it is not a legal problem, the data can be available ... after all, we as amateurs aren't supposed to have any secret communication.
From: 44Net 44net-bounces+ronenp=hotmail.com@hamradio.ucsd.edu on behalf of Brian Kantor Brian@UCSD.Edu
Sent: Monday, May 22, 2017 6:10 PM
To: 44net@hamradio.ucsd.edu
Subject: [44net] netflow vs privacy
From my understanding of netflow, it is based on a sample rate and only 1 out of X packets is actually scanned and reported by netflow. Is that correct? Netflow is not the same as running tcpdump on the network. Additionally, I don't think NetFlow includes payload data either. Correct?
Unless you are using SSL-based connections, there is no such thing as privacy on the internet. The sooner people come to grips with that, the better.
Thanks Craig
On Tue, May 23, 2017 at 10:00 AM, Michael Fox - N6MEF n6mef@mefox.org wrote:
Encryption is not allowed over radio. But we're not talking about a radio service.
Michael N6MEF
On busy routers, the network manager may have chosen to sample the data at intervals instead of every packet, but amprgw isn't all that busy so I'm analyzing every packet that goes through it. Sampling is done so that the amount of data generated by the router netflow statistics reporting isn't greater than the capacity of the host that has to store and analyze it, and so that the router itself doesn't contribute to the congestion on its links.
Netflow does not save the payload content of packets. It does account for it statistically, as the total size of the packet is included in the statistics gathered.
Depends on your definition of privacy: encryption only obscures the content of the packets. The who-called-who and traffic size and duration data is in the clear. This is one of the reasons for the rise in vendors offering VPN services, and for the Tor network.
With the recent change in US law, I realize that my ISP is now probably gathering my call graph data in order to sell that data to advertisers who will target my address. However, neither my employer (who currently is the ISP for most of my internet traffic) nor amprnet is interested in that aspect of the data flows.
- Brian
On Tue, May 23, 2017 at 10:30:03AM -0400, Craig Brauckmiller wrote:
The possibility exists that someone could intercept communications and, if those communications are not encrypted, even read the contents.
But that doesn't mean that those communications are "public", for all to see. And that's completely different than gathering data on all of our systems and posting it for all to see.
Again, even though the technology exists, it's still none of my business who's talking to your systems and none of anyone else's business who's talking to my systems.
Michael N6MEF