Firewall Wizards mailing list archives
Re: "Who else picked this one up?"
From: "Paul D. Robertson" <proberts () clark net>
Date: Fri, 30 Apr 1999 20:08:40 -0400 (EDT)
On Fri, 30 Apr 1999, Marcus J. Ranum wrote:
NFR) have been looking into adding a feature in the next version of Back Officer to allow someone to publish these kinds of records (potentially with a hashed IP address instead of the real one) to a central location for statistics, forensics,
A hashed IP address isn't going to be really useful as a cover if it's easily recreated, and not so useful as a tool if it isn't. I'd rather see heavy disclaimers that packets may be spoofed and real addresses. The important issue IMO is in the reporter's validity. That's a tougher nut to crack, but should probably be a longer-term goal. Victim data is going to be more difficult to get from everyone than attacker data. How do you envision using the data, and how much of it (if any) should be blind analysis?
Anyone got thoughts they'd like to share about some of the information that might be worth gathering? We thought we'd
Originating AS of the apparent source of the packets. It's time to start dragging providers into the mess in some tangenital way. If there are highly abusive networks, then that issue needs to be raised with those network operators. Time both local and zulu (GMT) would also be good for overall trending. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () clark net which may have no basis whatsoever in fact." PSB#9280
Current thread:
- Re: Port 5767, (continued)
- Re: Port 5767 mht (Apr 14)
- "Re: a fun new tool from us... & 'Today's occurances' " Philip S Holt, Security Engineer / Network Engineer (Apr 28)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Paul D. Robertson (Apr 28)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Kaptain (Apr 29)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Paul D. Robertson (Apr 29)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " pmsac (Apr 29)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " carson (Apr 30)
- "Who else picked this one up?" Philip S Holt, Security Engineer / Network Engineer (Apr 30)
- Re: "Who else picked this one up?" Marcus J. Ranum (Apr 30)
- BO, netbus and so on... Marcelo M. Sosa Lugones (Apr 30)
- Re: "Who else picked this one up?" Paul D. Robertson (Apr 30)
- Re: "Who else picked this one up?" Marcus J. Ranum (Apr 30)
- Re: "Who else picked this one up?" Paul D. Robertson (Apr 30)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Paul D. Robertson (Apr 28)
- Re: "Re: a fun new tool from us... & 'Today's occurances' " Tin Le (Apr 30)