[Openpacket-devel] openpacket.org draft proposal
From: Tim F. <fu...@cc...> - 2006-07-22 04:38:19
Thanks for posting the proposal, it definitely helps fill out the picture of what you're shooting for. I had some comments on the document itself:

- 'Required features' - You might want to elaborate on what you have in mind for being able to search packet traces; are you thinking they should just be searchable on the categories described later, or are you thinking of more advanced searching features?

- There are two references to RSS/Atom feeds which I think was just a duplication

- 'Resources' could include volunteers:
  - analysts and moderators
  - web developers (even if it is based on an existing software package or set of packages, it'll probably require extensive customization)
  - programmers (to build and improve tools for the manipulation and anonymization of traces)
  - lawyers (to verify that all appropriate backsides are appropriately covered, and to advise on ownership/IP issues and user agreements)
  - etc.

- 'Caveats' - I think you mean 'discreet' rather than 'discrete' advertisements, if you mean that they should be small and not prominent

One possibility for searching would be a Flickr-style keyword labeling scheme, so that a Slammer trace could be tagged as "worm, windows, mssql, malware, slammer, buffer overflow, udp/1434"; alternately, a fixed-field scheme (port, type, OS, ...) could be used instead (less powerful, but easier to implement and probably easier to search for general users).

Another useful feature would be the ability to associate analyses with the traces; this could be as simple as just using comments, or you might want to separate out comments from full-blown analyses. It would also be nice for users to be able to 'digg' the analyses.

I think this is an awesome idea. I'm looking forward to seeing it take off. :-)

-Tim