Firewall Wizards mailing list archives
Re: "Who else picked this one up?"
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Fri, 30 Apr 1999 19:00:05 -0400
Philip S Holt, Security Engineer / Network Engineer wrote:
BO PING sweep attempted by 195.99.61.138 BO TYPE_HTTPENABLE attempted by 195.99.61.138
[...] A few of us (some folks on the list and some of the folks at NFR) have been looking into adding a feature in the next version of Back Officer to allow someone to publish these kinds of records (potentially with a hashed IP address instead of the real one) to a central location for statistics, forensics, and to share within the security community. This would, I must _emphasize_, not, I repeat _NOT_ be automatic and would require configuration and a passcode exchange between the repository and the desktop user. Anyone got thoughts they'd like to share about some of the information that might be worth gathering? We thought we'd start by correlating class C networks, correlating reverse lookups of domains, correlating type of service swept/probed, as well as (sometimes) parameters. I guess we're still at the "scratching our heads and thinking over the issues" phase. We're aware of the CIDF work that IETF and others are doing, but don't want to do anything near as topheavy. I guess the goal of the project would be to get some statistics about how bad the scanning rate _is_ out there. From what we've learned by releasing BOF it's _LOTS_ worse than I thought. mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- Re: a fun new tool from us..., (continued)
- Re: a fun new tool from us... Jonathan Rozes (Apr 14)
- Message not available
- Re: a fun new tool from us... Christoph Schneeberger (Apr 15)
- Re: Port 5767 mht (Apr 14)
- "Re: a fun new tool from us... & 'Today's occurances' " Philip S Holt, Security Engineer / Network Engineer (Apr 28)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Paul D. Robertson (Apr 28)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Kaptain (Apr 29)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Paul D. Robertson (Apr 29)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " pmsac (Apr 29)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " carson (Apr 30)
- "Who else picked this one up?" Philip S Holt, Security Engineer / Network Engineer (Apr 30)
- Re: "Who else picked this one up?" Marcus J. Ranum (Apr 30)
- BO, netbus and so on... Marcelo M. Sosa Lugones (Apr 30)
- Re: "Who else picked this one up?" Paul D. Robertson (Apr 30)
- Re: "Who else picked this one up?" Marcus J. Ranum (Apr 30)
- Re: "Who else picked this one up?" Paul D. Robertson (Apr 30)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Paul D. Robertson (Apr 28)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Tin Le (Apr 30)