On Mon, 21 Oct 2002, John Kristoff wrote:

> Too often it seems that people are attempting to hide their IP address
> by masking the obvious dotted decimal notated number in various trace
> data.

well said, john. this is actually a very difficult situation on many fronts, one of them being the discussion of security issues in an open forum.

at usenix security 2002, someone working with vern paxson discussed some efforts they are making to develop software and infrastructure which allows for the scrubbing of the true address but the preservation of unique identifiers within the set of traces and flows. note that the scrubbing of identifiable data goes well beyond headers (in both decimal and hex, when appropriate) and into the payload. a lot of useful information stays in the payload. hence, this is a very tough problem.

one set of tools available to do this is cataloged at:

http://ita.ee.lbl.gov/html/software.html

have a look, and keep safe/private/confidential.

___________________________
jose nazario, ph.d. joseat_private
http://www.monkey.org/~jose/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
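An added illustration of the scrubbing idea discussed in the message above; it is not code from the post, its author, or the tools it links to. It replaces each IPv4 address with a keyed pseudonym, so the same host stays recognisable across flows, and it covers both the dotted-decimal and the hex spelling of an address, payload text included. The names `TraceScrubber` and `hex_pattern`, the use of HMAC-SHA256, and the choice of 10.0.0.0/8 as the pseudonym range are assumptions of this example.

```python
import hashlib
import hmac
import re

OCT = r"(?:25[0-5]|2[0-4]\d|[01]?\d?\d)"
DOTTED = rf"(?<![\d.])(?:{OCT}\.){{3}}{OCT}(?![\d.])"

def to_int(dotted: str) -> int:
    return int.from_bytes(bytes(int(o) for o in dotted.split(".")), "big")

def hex_pattern(addr: int) -> str:
    # Assumes hex tokens are delimited by non-hex characters, bytes optionally spaced.
    pairs = re.findall("..", f"{addr:08x}")
    return "(?<![0-9a-f])" + " ?".join(pairs) + "(?![0-9a-f])"

class TraceScrubber:
    """Keyed IPv4 pseudonymizer: one real address always maps to one pseudonym."""
    def __init__(self, key: bytes):
        self.key, self.forward = key, {}

    def pseudonym(self, real: int) -> int:
        counter = 0
        while real not in self.forward:
            msg = real.to_bytes(4, "big") + counter.to_bytes(4, "big")
            tag = hmac.new(self.key, msg, hashlib.sha256).digest()
            cand = (10 << 24) | int.from_bytes(tag[:3], "big")  # 10.0.0.0/8
            if cand not in self.forward.values():  # keep the mapping one-to-one
                self.forward[real] = cand
            counter += 1
        return self.forward[real]

    def scrub(self, text: str) -> str:
        # Pass 1: learn which addresses occur in dotted-decimal form.
        known = {to_int(m.group()) for m in re.finditer(DOTTED, text)}
        pattern = "|".join([DOTTED] + [hex_pattern(a) for a in known])
        def repl(m):
            s = m.group()
            if "." in s:
                return ".".join(map(str, self.pseudonym(to_int(s)).to_bytes(4, "big")))
            digits = iter(f"{self.pseudonym(int(s.replace(' ', ''), 16)):08x}")
            return "".join(c if c == " " else next(digits) for c in s)
        # Pass 2: one substitution pass, so a pseudonym is never scrubbed again.
        return re.sub(pattern, repl, text, flags=re.IGNORECASE)

SAMPLE = (  # constructed trace using documentation-range addresses
    "flow 1 src=192.0.2.17:4431 dst=198.51.100.9:80\n"
    "flow 2 src=192.0.2.17:4432 dst=198.51.100.9:80\n"
    "payload X-Forwarded-For: 192.0.2.17\n"
    "hex 4500 0028 c000 0211 c633 6409\n"
)
```

Hex copies are only rewritten for addresses that also occur in dotted form somewhere in the same input, and checksums inside a dump are not recomputed.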