Wow, that's an interesting tool (says the guy with 40k pcaps he can't
share for privacy)
A few thoughts:
1. Does this thing effectively handle NetBIOS IP addresses? (Names not
so important)
2. How does it handle things like the user visiting showmyip.com? Can it
recognize and strip/replace that returned IP?
As for how to verify, a hex-level search for the IP address and/or
machine name ought to be a good first step. Would need to verify that
there aren't any gzip'd posts that might contain info, etc.
Matt
Richard Bejtlich wrote:
> ---------- Forwarded message ----------
> From: Christoph P. Mayer <nor...@bl...>
> Date: Sun, Jul 13, 2008 at 2:23 PM
> Subject: [TaoSecurity] New comment on Packet Anonymization with PktAnon.
> To: tao...@gm...
>
>
> Christoph P. Mayer has left a new comment on your post "Packet
> Anonymization with PktAnon":
>
> Hi,
>
> we, the PktAnon developers, would be very happy to help getting
> PktAnon into OpenPacket.org!
>
> If there is an interest in this, we would like to kick off discussion
> about mainly three points:
>
> 1. What protocols need to be supported? PktAnon supports a wide range
> of standard protocols. But it needs extensions in higher layer
> protocols for layer >= 5. Due to the architecture, new protocols are
> quite easy to add.
>
> 2. What additional anonymization primitives are needed and how can
> anonymized traces be verified?
>
> 3. Will we find a way to define community standardized anonymization
> profiles? From our point of view this requires cooperation from
> network engineers, researchers, and lawyers. There is still no
> consensus after quite some research done in this area about what
> anonymization is "right". Having the community discuss a
> standard set of anonymization profiles would be a huge step forward!
> Having standardized profiles also helps e.g. OpenPacket.org to mark
> traces in saying what profile has been used.
>
> I would be very happy if there is interest in discussing these points
> and getting the community further in sharing network traces.
>
> Best regards,
> Christoph P. Mayer
>
>
>
> Posted by Christoph P. Mayer to TaoSecurity at 2:23 PM
>
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
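
The verification step suggested in the reply above (a byte-level search for the IP address and machine name, plus a look inside gzip'd content), sketched as an added example that is not part of the original message or of PktAnon. The function names and the sample values (192.0.2.10, WORKSTATION7) are constructed for illustration. It scans one byte buffer, so a gzip body split across several packets has to be reassembled into a stream before it is passed in.

```python
import gzip
import socket
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # gzip member header: magic + deflate method


def needles(ips, names):
    """Byte patterns under which each sensitive value can survive."""
    pats = {}
    for ip in ips:
        pats[f"{ip} (raw)"] = socket.inet_aton(ip)  # 4-byte form in headers
        pats[f"{ip} (ascii)"] = ip.encode()         # dotted quad in payloads
    for name in names:
        pats[f"{name} (ascii)"] = name.lower().encode()
    return pats


def gunzip_members(data):
    """Yield (offset, decompressed bytes) for each gzip stream in data."""
    pos = data.find(GZIP_MAGIC)
    while pos != -1:
        try:
            # wbits=31 selects the gzip wrapper; trailing bytes are ignored
            yield pos, zlib.decompressobj(wbits=31).decompress(data[pos:])
        except zlib.error:
            pass  # magic matched by chance, or the stream is damaged
        pos = data.find(GZIP_MAGIC, pos + 1)


def scan(data, ips, names):
    """Return sorted (pattern, location) hits; an empty list means no leak found."""
    layers = [("capture", data)]
    layers += [(f"gzip@{off}", body) for off, body in gunzip_members(data)]
    hits = set()
    for where, blob in layers:
        lowered = blob.lower()  # machine names are matched case-insensitively
        for label, pat in needles(ips, names).items():
            if pat in (blob if label.endswith("(raw)") else lowered):
                hits.add((label, where))
    return sorted(hits)


# Constructed sample: a raw address followed by a gzip'd page that echoes it back.
PAGE = gzip.compress(b"Your IP is 192.0.2.10 (host WORKSTATION7)", mtime=0)
SAMPLE = b"\x45\x00" + socket.inet_aton("192.0.2.10") + b"\r\n\r\n" + PAGE

if __name__ == "__main__":
    for hit in scan(SAMPLE, ["192.0.2.10"], ["workstation7"]):
        print(hit)
```

A raw 4-byte match can occur by chance in unrelated data, so each hit is a location to inspect by hand.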