Security Incidents mailing list archives

Re: Hiding IP addresses in trace data


From: Vern Paxson <vern () icir org>
Date: Mon, 21 Oct 2002 21:35:23 -0700

> at usenix security 2002, someone working with vern paxson discussed
> some efforts they are making to develop software and infrastructure which
> allows for the scrubbing of the true address but the preservation of
> unique identifiers within the set of traces and flows.

FYI, that's Ruoming Pang.  The approach is based on using Bro's protocol
analyzers.  It's pretty much working for a number of protocols (HTTP, SMTP,
FTP, Finger, Ident).  We're aiming to have a paper on it written by January,
as well as (hopefully!) some traces to release publicly.

                Vern

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
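
The property discussed in this thread (true addresses scrubbed, but each host still recognisable as the same identifier across the trace) can be sketched as follows. This is an added example, not code from the post, from Bro, or from the work described. The key, the trace lines, the 10.0.0.0/8 pseudonym pool and the names `Scrubber` and `scrub_trace` are all assumptions made for illustration. It also rewrites the address carried inside an FTP PORT command, which is why protocol-aware handling matters: header-only scrubbing would leave that copy in the payload.

```python
import hashlib
import hmac
import ipaddress
import re

KEY = b"constructed-demo-key"  # assumption: per-dataset secret, never released with the trace
TRACE = [  # constructed sample records (documentation address ranges)
    "1035261323.1 192.0.2.10:1042 > 198.51.100.7:21 USER anonymous",
    "1035261324.0 192.0.2.10:1042 > 198.51.100.7:21 PORT 192,0,2,10,4,19",
    "1035261330.5 192.0.2.44:1100 > 198.51.100.7:21 USER ftp",
]
DOTTED = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FTP_PORT = re.compile(r"\bPORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

class Scrubber:
    """Maps each real IPv4 address to one stable, unique pseudonym in 10.0.0.0/8."""
    def __init__(self, key):
        self.key, self.table, self.used = key, {}, set()

    def ip(self, addr):
        real = ipaddress.IPv4Address(addr)  # raises AddressValueError if not an address
        ctr = 0
        while real not in self.table:
            # Keyed MAC, so the mapping cannot be rebuilt by hashing all 2**32 addresses.
            mac = hmac.new(self.key, real.packed + bytes([ctr]), hashlib.sha256).digest()
            cand = ipaddress.IPv4Address((10 << 24) | int.from_bytes(mac[:3], "big"))
            if cand not in self.used:  # on a 24-bit collision, retry with the next counter
                self.used.add(cand)
                self.table[real] = cand
            ctr += 1
        return str(self.table[real])

    def line(self, text):
        def port(m):  # FTP PORT carries the address as h1,h2,h3,h4,p1,p2 in the payload
            try:
                host = self.ip(".".join(m.group(1, 2, 3, 4)))
            except ipaddress.AddressValueError:
                return m.group(0)
            return "PORT " + host.replace(".", ",") + f",{m.group(5)},{m.group(6)}"
        def dotted(m):
            try:
                return self.ip(m.group(1))
            except ipaddress.AddressValueError:
                return m.group(1)  # looked like an address but is not one; leave it
        return DOTTED.sub(dotted, FTP_PORT.sub(port, text))

def scrub_trace(lines, key=KEY):
    scrubber = Scrubber(key)
    return [scrubber.line(entry) for entry in lines]

if __name__ == "__main__":
    print("\n".join(scrub_trace(TRACE)))
```

Because collisions are resolved in order of first appearance, the table (or the key plus the same input order) is needed to scrub a later trace consistently with an earlier one.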

