Re: [Openpacket-devel] New Beta Site Live
Brought to you by:
crazy_j,
taosecurity
Menu
▾
▴
Re: [Openpacket-devel] New Beta Site Live
|
From: Aaron T. <syn...@gm...> - 2007-10-16 19:14:28
|
On Oct 16, 2007 10:30 AM, Richard Bejtlich <tao...@gm...> wrote: > In theory anonymization sounds good, but what does that mean? > > Aaron, I know you know this, but anonymization would have to occur at > multiple layers... I'm particularly worried about removing sensitive > data about layer 4. I'd rather not provide a false sense of > anonymization via replacing IPs when other data is left in layers 5, > 6, or 7. > > My standard rule for the OpenPacket.org moderators will be to reject a > pcap if they believe it contains anything sensitive. We are not going > to jeopardize ourselves by exposing someone's sensitive data through a > volunteer-based, free project. Heh, well I guess that's the difference between you and I... I would create a "wall of sheep" equivalent for pcap's people upload. :) Honestly, most interesting protocols have some kind of identifying data in the payload (IP, username/passwords, etc) and the tools to edit pcap's at this level suck. I suppose people could load them up in NetDude, and manually fix them, but that doesn't sound like a lot of fun for anyone. You also have the potential for breaking the protocol in subtle and painful ways once you start editing them by hand so now moderators have to figure out which are valid, intentionally invalid (fuzzer traffic, etc) and unintentionally invalid (over zealous people trying to anonamize their data). On a side note, is there a way to get the list to properly set the Reply-To: header? -- Aaron Turner http://synfin.net/ http://tcpreplay.synfin.net/ - Pcap editing & replay tools for Unix They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin |
