Security Incidents mailing list archives
Re: Hiding IP addresses in trace data
From: Vern Paxson <vern () icir org>
Date: Mon, 21 Oct 2002 21:35:23 -0700
at usenix security 2002, someone working with vern paxson discussed some efforts they are making to develop software and infrastructure which allows for the scrubbing of the true address but the preservation of unique identifiers within the set of traces and flows.
FYI, that's Ruoming Pang. The approach is based on using Bro's protocol analyzers. It's pretty much working for a number of protocols (HTTP, SMTP, FTP, Finger, Ident). We're aiming to have a paper on it written by January, as well as (hopefully!) some traces to release publicly. Vern ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Re: Hiding IP addresses in trace data Vern Paxson (Oct 21)