Re: [Openpacket-devel] openpacket.org draft proposal
From: Richard B. <tao...@gm...> - 2006-07-23 01:08:31
On 7/22/06, Tim Furlong <fu...@cc...> wrote:
> Thanks for posting the proposal, it definitely helps fill out the picture of
> what you're shooting for.
>
> I had some comments on the document itself:
> - 'Required features'
>   - You might want to elaborate on what you have in mind for being able to
>     search packet traces; are you thinking they should just be searchable on the
>     categories described later, or are you thinking of more advanced searching
>     features?
>   - There are two references to RSS/Atom feeds which I think was just a
>     duplication
> - 'Resources' could include volunteers:
>   - analysts and moderators
>   - web developers (even if it is based on an existing software package or
>     set of packages, it'll probably require extensive customization)
>   - programmers (to build and improve tools for the manipulation and
>     anonymization of traces)
>   - lawyers (to verify that all appropriate backsides are appropriately
>     covered, and to advise on ownership/IP issues and user agreements)
>   - etc.
> - 'Caveats'
>   - I think you mean 'discreet' rather than 'discrete' advertisements, if
>     you mean that they should be small and not prominent
>
> One possibility for searching would be a Flickr-style keyword labeling
> scheme, so that a Slammer trace could be tagged as "worm, windows, mssql,
> malware, slammer, buffer overflow, udp/1434"; alternately, a fixed-field
> scheme (port, type, OS, ...) could be used instead (less powerful, but
> easier to implement and probably easier to search for general users).
>
> Another useful feature would be the ability to associate analyses with the
> traces; this could be as simple as just using comments, or you might want to
> separate out comments from full-blown analyses. It would also be nice for
> users to be able to 'digg' the analyses.
>
> I think this is an awesome idea. I'm looking forward to seeing it take
> off. :-)
>
>
> -Tim
>

Hi Tim,

Regarding searches, for now I don't see us searching packet contents.
That would be a nice feature but I think it might be too resource-intensive.

I agree with your other comments... let's see what we can do.

Thank you,

Richard