Thread: [Openpacket-devel] OpenPacket demo comments
From: Richard B. <tao...@gm...> - 2006-08-04 20:10:42

David -- phenomenal job. These are my immediate comments as I try the site:

-- Love the RSS feeds!

-- I assume people can't access the URL for an unapproved feed (say http://roach4.no-ip.org:8000/viewfile/25 if 1-24 are already approved)?

-- When approving traces, can there be some sort of "approve with comment" or "disapprove with comment" instead of just Y or N?

-- It would be helpful for moderators to be able to review a Moderation History log to see who made what decisions, and when.

-- We need a "remoderation" feature. A moderator might make a mistake, or miss something. So we'll have to be able to remove a trace, or maybe add it in later.

-- When browsing files, it would be nice to have a Rating based on user feedback.

-- Each trace should have a counter showing number of downloads, if possible.

-- Could you set some kind of marker on the trace indicating if the trace was sanitized during upload or not?

-- When browsing files, sorting on various columns would be cool.

-- It would be neat to make trace uploader IDs a linkable feature that would show all traces uploaded by that user ID.

-- When looking at individual traces, the trace uploader ID is currently a link to their email address. I would prefer removing that to foil spammers. It would also be good to instead link to a page built for the individual user. Maybe that page would also list all of their uploads, as mentioned earlier?

-- I'm starting to wonder how best to organize these traces. We probably want some means of letting users indicate their idea of what the trace is. We probably want the moderators to make the final determination.

-- We might want to stick with really generic categories, like "normal," "suspicious," "malicious," or "unknown."

-- Are you saving any information about the traces once your parser reads them? For example, is it possible to search for traces involving IP X or port Y or protocol Z?

-- We may have to end up having the traces available mainly via queries. In other words, trying to define rigid categories might be doomed.

-- I'll have to develop some disclaimers, FAQs, etc. I also need to work on sponsors.

This is really awesome. I think having this concrete site will help us answer lots of questions.

Thank you,

Richard

From: Jacob H. <ha...@gm...> - 2006-08-04 20:32:29

Well, may I suggest that now is as good a time as ever to start an SVN/CVS server for the site? I could host the site and SVN for development. Then give access to developers who would like to work on feature requests / bugs.

We could also have the SVN repo on SourceForge and/or Google. Not sure if David is ready to do such a thing or not. But I would definitely like to help with some of these features and/or design.

Jake

From: Richard B. <tao...@gm...> - 2006-08-04 23:30:49

On 8/4/06, Jacob Ham <ha...@gm...> wrote:
> Well, may I suggest that now is as good a time as ever to start an
> SVN/CVS server for the site? I could host the site and SVN for
> development. Then give access to developers who would like to work on
> feature requests / bugs.
>
> We could also have the SVN repo on SourceForge and/or Google. Not
> sure if David is ready to do such a thing or not. But I would
> definitely like to help with some of these features and/or design.
>
> Jake
>

Hi Jake,

David and I discussed CVS/SVN and we agree it's a good idea. David's OpenPacket.org code itself will be open source, so we could host it at sf.net. We might host it ourselves too. Either way, expect CVS/SVN sometime next week.

Thank you,

Richard

From: Richard B. <tao...@gm...> - 2006-08-04 23:32:28

On 8/4/06, Richard Bejtlich <tao...@gm...> wrote:
> David -- phenomenal job. These are my immediate comments as I try the site:
>

Another thought -- could we allow users to assign tags to traces? That might help the site deal with moderator lack of time or desire to classify everything in a trace.

Richard

From: Richard B. <tao...@gm...> - 2006-08-07 16:30:52

On 8/7/06, David A. Belle-Isle <dbe...@im...> wrote:
> Hi Richard,
>
> I'm working on the various comments you made after trying the demo and I
> got one little question.
>
> - You say: "When browsing files, it would be nice to have a Rating based
> on user feedback." --> Are you talking about the same rating as you
> asked for users or is it another rating? If so, how is it calculated?
> Number of feedbacks? Feedbacks quality? Users rate the file??
>

Hi David,

I had two ratings in mind -- sorry for not making this clearer.

Users who upload traces should be "rated" to receive karma/popularity points/whatever, Slashdot-style.

I think traces should have ratings associated with them, independent of who uploaded them, so I could look for:

1. Most downloaded trace
2. Most commented-upon trace
3. A general "interesting"? (hot or not?) type rating?

If anyone can improve my thinking on this, please do.

I'm trying to put myself in the shoes of a user who visits OpenPacket.org, perhaps not knowing what to look at or where to begin. Those three ratings might point n00bs to the most interesting traces.

Thank you,

Richard

From: Jacob H. <ha...@gm...> - 2006-08-08 15:07:59

On 8/7/06, Richard Bejtlich <tao...@gm...> wrote:
> I'm trying to put myself in the shoes of a user who visits
> OpenPacket.org, perhaps not knowing what to look at or where to begin.
> Those three ratings might point n00bs to the most interesting traces.

Along this note, there was an interesting post you made on your blog recently. The packet analysis challenge that was conducted by SANS Internet Storm Center was a very interesting way to learn about packet analysis. Not only did I get to download the packet, but also got to read the understanding behind it.

I might be getting ahead of myself here, but something like a challenge or just a walk through of a packet capture could help the community immensely! Maybe we could get sponsors to offer rewards for certain challenges, like a signed book from Richard Bejtlich himself :-)

Jake

From: Tim F. <fu...@cc...> - 2006-08-08 15:16:02

Honeynet.org had also done some of that sort of thing, and has the old challenges up:

http://honeynet.org/misc/chall.html

They've done scan analysis, reverse engineering, and forensic analysis challenges. We might be able to draw inspiration from that.

-Tim

--
Tim Furlong
tim...@gm...