Hi,

> 1. Does this thing effectively handle netbios IP addresses? (Names not
> so important)

What do you mean with netbios addresses? There is currently no Netbios
parser.

> 2. How does it handle things like the user visiting showmyip.com? Can it
> recognize and strip/replace that returned IP?

The information from such sites lies in http and therefore layer 5.
Writing a http parser for anonymization of http traffic is one thing,
the other is the correlation of such information in the different
layers. Currently PktAnon handles protocols on layers >= 5 as pure
payload. Therefore the structure is not taken into account but rather
one anonymization primitive applied to the complete payload.

> As for how to verify, a hex-level search for the IP address and/or
> machine name ought to be a good first step. Would need to verify that
> there aren't any gzip'd posts that might contain info, etc.

You have to be careful to reduce anonymization to IP addresses. There is
much more sensitive information that can reveal e.g. what services you
run on your network. So verification is an important point that affects
the complete anonymization profile and not just IP addresses.

Best regards,
Chris

> Matt
>
> Richard Bejtlich wrote:
>> ---------- Forwarded message ----------
>> From: Christoph P. Mayer <nor...@bl...>
>> Date: Sun, Jul 13, 2008 at 2:23 PM
>> Subject: [TaoSecurity] New comment on Packet Anonymization with PktAnon.
>> To: tao...@gm...
>>
>>
>> Christoph P. Mayer has left a new comment on your post "Packet
>> Anonymization with PktAnon":
>>
>> Hi,
>>
>> we, the PktAnon developers, would be very happy to help getting
>> PktAnon into OpenPacket.org!
>>
>> If there is an interest in this, we would like to kick off discussion
>> about mainly three points:
>>
>> 1. What protocols need to be supported? PktAnon supports a wide range
>> of standard protocols. But it needs extensions in higher layer
>> protocols for layer >= 5. Due to the architecture new protocols are
>> quite easy to add.
>>
>> 2. What additional anonymization primitives are needed and how can
>> anonymized traces be verified?
>>
>> 3. Will we find a way to define community standardized anonymization
>> profiles? From our point of view this requires cooperation from
>> network engineers, researchers, and lawyers. There is still no
>> consensus after quite some research done in this area about what
>> anonymization is "right". Having the community discuss a
>> standard set of anonymization profiles would be a huge step forward!
>> Having standardized profiles also helps e.g. OpenPacket.org to mark
>> traces in saying what profile has been used.
>>
>> I would be very happy if there is interest in discussing these points
>> and getting the community further in sharing network traces.
>>
>> Best regards,
>> Christoph P. Mayer
>>
>>
>>
>> Posted by Christoph P. Mayer to TaoSecurity at 2:23 PM
>>
>
--
Dipl.-Inform. Christoph P. Mayer
Institute of Telematics, University of Karlsruhe (TH)
Zirkel 2, 76128 Karlsruhe, Germany
Phone: +49 721 608 6415, Email: ma...@tm...
Web: http://www.tm.uka.de/~mayer/
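
The verification step discussed in this thread (searching an anonymized trace's payload for the original address or machine name, including inside gzip'd bodies), as an added example that is not part of the original messages and is not PktAnon code. It generalizes the hex-level search to several byte forms of the address; the function names, the sample address and the host name are constructed for illustration.

```python
import gzip
import ipaddress
import zlib

GZIP_MAGIC = b"\x1f\x8b\x08"  # gzip header with the deflate method byte

def patterns(ip, hostname=None):
    """Byte forms under which one original value can survive in payload."""
    pats = {
        "ascii": ip.encode(),                          # dotted quad in text
        "raw": ipaddress.IPv4Address(ip).packed,       # 4 bytes, network order
        "reverse-dns": ".".join(reversed(ip.split("."))).encode() + b".in-addr.arpa",
    }
    if hostname:
        pats["hostname"] = hostname.lower().encode()
    return pats

def gunzip_members(data):
    """Yield (offset, decompressed bytes) for each gzip stream found in data."""
    pos = data.find(GZIP_MAGIC)
    while pos != -1:
        try:
            # wbits=31 selects the gzip wrapper; a truncated stream still
            # returns whatever could be decompressed.
            yield pos, zlib.decompressobj(31).decompress(data[pos:])
        except zlib.error:
            pass  # magic bytes that did not start a real gzip stream
        pos = data.find(GZIP_MAGIC, pos + 1)

def find_leaks(payload, ip, hostname=None):
    """Return sorted (where, form) pairs for every surviving pattern."""
    views = [("plain", payload)]
    views += [(f"gzip@{off}", body) for off, body in gunzip_members(payload)]
    hits = set()
    for where, data in views:
        for form, pat in patterns(ip, hostname).items():
            haystack = data.lower() if form == "hostname" else data
            if pat in haystack:
                hits.add((where, form))
    return sorted(hits)

# Constructed sample (RFC 5737 documentation address, made-up host name):
# the headers carry no original value, the gzip'd body still does.
BODY = gzip.compress(b"<html>Your IP is 192.0.2.45 (WS-ACCT-07)</html>", mtime=0)
SAMPLE = b"HTTP/1.1 200 OK\r\nContent-Encoding: gzip\r\n\r\n" + BODY

if __name__ == "__main__":
    for where, form in find_leaks(SAMPLE, "192.0.2.45", "WS-ACCT-07"):
        print(f"leak: {form} form of the original value in {where}")
```

A plain substring search over SAMPLE finds nothing, which is why the gzip'd view matters; an empty result here only covers the listed forms and says nothing about other sensitive fields in the trace.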