Re: [ipfix-eval] Some comments on the evaluation team draft

Benoit Claise <bclaise@cisco.com> Tue, 19 November 2002 12:38 UTC

Message-ID: <3DDA2D6C.600@cisco.com>
Date: Tue, 19 Nov 2002 13:24:12 +0100
From: Benoit Claise <bclaise@cisco.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.1) Gecko/20020815
MIME-Version: 1.0
To: Reinaldo Penno <rpenno@nortelnetworks.com>
CC: Simon Leinen <simon@limmat.switch.ch>, ipfix-eval@net.doit.wisc.edu, ipfix-req@net.doit.wisc.edu
Subject: Re: [ipfix-eval] Some comments on the evaluation team draft
References: <0A11633F61BD9F40B43ABCC694004F9320258F@zsc3c026.us.nortel.com>
Content-Type: multipart/alternative; boundary="------------040002030404010205070502"
Precedence: bulk
Sender: majordomo listserver <majordomo@mil.doit.wisc.edu>

Reinaldo,

> Benoit,
>  
> you can use other fields, such as IP Proto, TCP Ports, packet size, 
> etc, etc..

My solution would be: I use a template which exports only IP proto, TCP 
ports, packet size, etc, etc... but not the IP addresses.
And because I don't do any aggregation, I keep the same flow granularity.
Now if I don't need the flow granularity, I can aggregate on the router.

Again, my point was: "So what's the point to export something that you 
can't use?"

Regards, Benoit.

> There are several sites where you can download public data from 
> probes/exporters where the IP addresses are maked by a one-way 
> function but the other fields can be seen. See for instance 
> http://tracer.csl.sony.co.jp/mawi/guideline.txt
>  
> "Protecting User Privacy
>
> There are 2 issues regarding user privacy.
>
> 1. Removing user data:
> Leave only protocol headers and remove protocol
> payload which could contain user data.
> 2. Providing anonymity:
> Scramble addresses which could be used to identify a
> user.
> "
>  
> regards,
>  
> Reinaldo
>
>     -----Original Message-----
>     *From:* Benoit Claise [mailto:bclaise@cisco.com]
>     *Sent:* Friday, November 15, 2002 8:51 AM
>     *To:* Simon Leinen
>     *Cc:* ipfix-eval@net.doit.wisc.edu; ipfix-req@net.doit.wisc.edu
>     *Subject:* Re: [ipfix-eval] Some comments on the evaluation team draft
>
>     Simon,
>
>>On Thu, 14 Nov 2002 16:52:35 +0100, Benoit Claise <bclaise@cisco.com> said:
>>  
>>
>>>5.7 Anonymization  (6.7)   LFAP: E     CRANE: E     IPDR: E
>>>NetFlow: E     Diameter: E
>>>    
>>>
>>
>>  
>>
>>>In my draft http://www.ietf.org/internet-drafts/draft-claise-ipfix-eval-netflow-03.txt, I wrote
>>>    
>>>
>>
>>
>>  
>>
>>>    3.5.7 Anonymization (6.6)
>>>            "The exporting process MAY be capable of anonymizing
>>>source and
>>>       destination IP addresses in flow data before exporting them."
>>>       _Total Compliance. _
>>>    
>>>
>>
>>  
>>
>>>You can export the prefix is you want to and not the specific source
>>>and destination IP addresses.
>>>    
>>>
>>
>>I would call that "(router-based) aggregation" rather than
>>"anonymization".  With anonymization you somehow expect to maintain
>>granularity, but want some kind of (non-reversible?) scrambling to
>>cover up privacy-sensitive parts of the traffic data, such as IP
>>addresses.
>>
>     So what's the point to export something that you can't use?
>
>     Benoit.
>
>>Don't take this requirement too seriously.  None of the candidates has
>>addressed this, and I think as a requirement it hasn't been thought
>>through too well.  It doesn't really reflect current practice, and
>>personally I think this is better done on the collector side.
>>  
>>
>
>

[ipfix-eval] Some comments on the evaluation team… Benoit Claise
RE: [ipfix-eval] Some comments on the evaluation … Reinaldo Penno
Re: [ipfix-eval] Some comments on the evaluation … Simon Leinen
Re: [ipfix-eval] Some comments on the evaluation … Simon Leinen
Re: [ipfix-eval] Some comments on the evaluation … Vamsidhar Valluri
RE: [ipfix-eval] Some comments on the evaluation … Tal Givoly
Re: [ipfix-eval] Some comments on the evaluation … Benoit Claise
RE: [ipfix-eval] Some comments on the evaluation … Reinaldo Penno
Re: [ipfix-eval] Some comments on the evaluation … Benoit Claise