On 7/22/06, Tim Furlong <fu...@cc...> wrote:
> Thanks for posting the proposal, it definitely helps fill out the picture of
> what you're shooting for.
>
> I had some comments on the document itself:
> - 'Required features'
> - You might want to elaborate on what you have in mind for being able to
> search packet traces; are you thinking they should just be searchable on the
> categories described later, or are you thinking of more advanced searching
> features?
> - There are two references to RSS/Atom feeds which I think was just a
> duplication
> - 'Resources' could include volunteers:
> - analysts and moderators
> - web developers (even if it is based on an existing software package or
> set of packages, it'll probably require extensive customization)
> - programmers (to build and improve tools for the manipulation and
> anonymization of traces)
> - lawyers (to verify that all appropriate backsides are appropriately
> covered, and to advise on ownership/IP issues and user agreements)
> - etc.
> - 'Caveats'
> - I think you mean 'discreet' rather than 'discrete' advertisements, if
> you mean that they should be small and not prominent
>
> One possibility for searching would be a Flickr-style keyword labeling
> scheme, so that a Slammer trace could be tagged as "worm, windows, mssql,
> malware, slammer, buffer overflow, udp/1434"; alternately, a fixed-field
> scheme (port, type, OS, ...) could be used instead (less powerful, but
> easier to implement and probably easier to search for general users).
>
> Another useful feature would be the ability to associate analyses with the
> traces; this could be as simple as just using comments, or you might want to
> separate out comments from full-blown analyses. It would also be nice for
> users to be able to 'digg' the analyses.
>
> I think this is an awesome idea. I'm looking forward to seeing it take
> off. :-)
>
>
> -Tim
>
Hi Tim,
Regarding searches, for now I don't see us searching packet contents.
That would be a nice feature but I think it might be too
resource-intensive.
I agree with your other comments... let's see what we can do.
Thank you,
Richard
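The two search schemes sketched in the quoted message (free keyword tags versus a fixed-field scheme of port, type, OS, ...) need not be exclusive: if structured tags such as "udp/1434" are parsed into fields when a trace is uploaded, one tag set can serve both kinds of query. The following is an added Python example illustrating that hybrid over an inverted tag index; it is not code from this thread or from the project under discussion, and the catalogue entries other than the Slammer tag list are constructed samples.

```python
"""Added example (not from the thread): a tiny trace catalogue that
supports both free keyword-tag search and fixed-field search, with the
fixed fields derived from structured tags like 'udp/1434'."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class Trace:
    name: str
    tags: set
    fields: dict = field(default_factory=dict)  # fixed-field view derived from tags


def parse_tag(tag):
    """Return {'proto': ..., 'port': ...} for a tag of the form 'tcp/NNN' or
    'udp/NNN'; plain keyword tags return None and stay tags only."""
    t = tag.strip().lower()
    if "/" in t:
        proto, port = t.split("/", 1)
        if proto in ("tcp", "udp") and port.isdigit():
            return {"proto": proto, "port": int(port)}
    return None


class Catalogue:
    def __init__(self):
        self.traces = {}                 # name -> Trace
        self.index = defaultdict(set)    # normalised tag -> set of trace names

    def add(self, name, tags):
        norm = {t.strip().lower() for t in tags}
        fields = {}
        for t in norm:
            parsed = parse_tag(t)
            if parsed:
                fields.update(parsed)
        self.traces[name] = Trace(name, norm, fields)
        for t in norm:
            self.index[t].add(name)

    def search_tags(self, *tags):
        """Keyword search: AND over all given tags via the inverted index."""
        sets = [self.index.get(t.strip().lower(), set()) for t in tags]
        if not sets:
            return set()
        return set.intersection(*sets)

    def search_fields(self, **criteria):
        """Fixed-field search: every given field must match exactly."""
        return {
            name for name, tr in self.traces.items()
            if all(tr.fields.get(k) == v for k, v in criteria.items())
        }


def build_sample():
    """Constructed catalogue; only the Slammer tag list comes from the thread."""
    c = Catalogue()
    c.add("slammer.pcap", ["worm", "windows", "mssql", "malware",
                           "slammer", "buffer overflow", "udp/1434"])
    c.add("blaster.pcap", ["worm", "windows", "malware", "blaster", "tcp/135"])
    c.add("ssh-scan.pcap", ["scan", "linux", "tcp/22"])
    return c


if __name__ == "__main__":
    cat = build_sample()
    print(sorted(cat.search_tags("worm", "windows")))
    print(sorted(cat.search_fields(proto="udp", port=1434)))
```

Because `parse_tag` only recognises the `proto/port` form, any other tag stays a free keyword; adding more structured forms (for example an `os:` prefix) is a matter of extending that one function, while the indexing and both search paths stay unchanged.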