Re: Hiding IP addresses in trace data

From: Vern Paxson (vernat_private)
Date: Mon Oct 21 2002 - 21:35:23 PDT


    > at usenix security 2002, someone working with vern paxson discussed
    > some efforts they are making to develop software and infrastructure which
    > allows for the scrubbing of the true address but the preservation of
    > unique identifiers within the set of traces and flows.
    
    FYI, that's Ruoming Pang.  The approach is based on using Bro's protocol
    analyzers.  It's pretty much working for a number of protocols (HTTP, SMTP,
    FTP, Finger, Ident).  We're aiming to have a paper on it written by January,
    as well as (hopefully!) some traces to release publicly.
    
    		Vern
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Mon Oct 21 2002 - 22:07:54 PDT