Re: [Openpacket-devel] OpenPacket.org RC1
Brought to you by:
crazy_j,
taosecurity
Menu
▾
▴
Re: [Openpacket-devel] OpenPacket.org RC1
|
From: James P. <jp...@gm...> - 2008-01-08 16:19:08
|
I agree that it should be the users responsibility, however... To ease the burden of doing this(for me, i would have to write a small shell script to anonymize pcaps if I wanted to contribute a good deal of pcaps. What I am trying to say is geeks are lazy, and you have to make it easy for them to upload pcaps if you want to start getting a bunch of pcaps. I believe that it is more of a usability feature than anything. ;-) I have no problem running the anonymization on a box that I can run at home. I can create a p2p vpn between the server and a box at home and run the anonymization/tshark stuff on that box which will be isolated... It isn't a big deal to run it off a different box. On Jan 8, 2008 9:09 AM, CS Lee <ge...@gm...> wrote: > Hi all, > > I agree no more, if you can provide with modified or stripped pcap, you > should have already have tshark in your own machine, openpacket shouldn't > handle those kind of job(avoid pcap analysis on the server as it will add > more loads to the server(imagine a lot of people run tshark at the same time > in the server and it would be like dos if the server can't handle it and you > can also generate traffics on the server without using the -n option) and we > all know dissector issues in wireshark imposing too much risks based on its > prior records. > > I would be pleased to see it has normal functionalities such as download > and upload pcap and the discussion for certain pcap in forum, to me most of > the pcap should be modified or anonymized by the users itself and the server > shouldn't provide this kind of functionality. > > Thanks > > > On Jan 8, 2008 11:41 PM, Richard Bejtlich <tao...@gm...> wrote: > > > On Jan 8, 2008 10:31 AM, Jeremy Stretch <st...@pa...> wrote: > > > First off, let me congratulate the Openpacket team on this milestone! > > > I've enjoyed watching the site progress and mature over the past few > > > months. Openpacket is sure to enjoy success when it finally goes > > public. > > > > > > I did stumble across a few minor areas which could use fixing up: > > > > > > - The link to a user's profile from a forum's thread list is wrong. > > For > > > example, on http://beta.openpacket.org:8080/forum/show/3 , from what I > > > can tell > > > > > http://beta.openpacket.org:8080/profile/showpublicprofile?userid=stretch > > > should be > > > http://beta.openpacket.org:8080/profile/public_profile?userid=stretch > > > > > > - On a forum thread's page, the user's info appears incorrectly. For > > > example, on http://beta.openpacket.org:8080/post/showthread/12, it > > lists > > > my (stretch's) location and post count as "9". > > > > > > - It would be nice to have a forum post preview feature. > > > > > > - I remember this was discussed a while back, but can't remember how > > it > > > ended; is there any plan to add a confidentiality disclaimer on the > > > upload page? > > > > > > - Might want to put a link to a capture's discussion thread (if any) > > on > > > the 'details' page. > > > > > > - It would be really neat if the tshark analysis was done > > automatically > > > on the server side, though I'm not sure how practical that would be. > > > > > > Just my $0.02. As always, keep up the great work! And don't hesitate > > to > > > ask the community for help. > > > > > > Stretch > > > > > > > Stretch, > > > > Thanks for all of your great feedback. > > > > I just wanted to make one note: I do not like the idea of letting the > > server provide Tshark output. From a user standpoint I really want > > it, but from a security standpoint I think it would be too big a > > vulnerability. There are too many protocol dissector vulnerabilities > > announced with each release of Wireshark. I'd rather let the user > > deal with it than provide an easy avenue to exploit our server. > > > > Sincerely, > > > > Richard > > > > > > ------------------------------------------------------------------------- > > Check out the new SourceForge.net Marketplace. > > It's the best place to buy or sell services for > > just about anything Open Source. > > > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > > _______________________________________________ > > Openpacket-devel mailing list > > Ope...@li... > > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > > > > > -- > Best Regards, > > CS Lee<geek00L[at]gmail.com> > > http://geek00l.blogspot.com > ------------------------------------------------------------------------- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > > http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace > _______________________________________________ > Openpacket-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openpacket-devel > > |
