<div dir="ltr">Right, you could do database-driven lookups based on addresses contained in the binary format which would return a descriptive result. As a regular user of their database, I agree with Jeremy that the MaxMind model is a good one for this kind of thing.<br>
<br><div class="gmail_quote">On Sun, Oct 19, 2008 at 8:49 PM, Jason Lewis <span dir="ltr"><<a href="mailto:jlewis@packetnexus.com">jlewis@packetnexus.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
I think you have to do both. XML for data description and<br>
communications....and the binary for passing the actual data.<br>
<div><div></div><div class="Wj3C7c"><br>
Jeremy wrote:<br>
> I would have to agree with this and would venture to say a custom<br>
> indexed binary format would be best for this, and not a plain text xml<br>
> file. Much like Maxminds GeoIP and ASN database files.<br>
><br>
> --jeremy<br>
><br>
> On Sun, Oct 19, 2008 at 8:36 PM, Frank Knobbe <<a href="mailto:frank@knobbe.us">frank@knobbe.us</a>> wrote:<br>
><br>
>> On Sun, 2008-10-19 at 14:30 -0500, Martin Holste wrote:<br>
>><br>
>>> Right, but I envision the XML to be the source that scripts would<br>
>>> parse into whatever is needed, like router config, dns blocklists,<br>
>>> host files, search engine blacklists, etc. The key would be to create<br>
>>> a standard capable of being specific enough to feed the lowest common<br>
>>> demoninator.<br>
>>><br>
>> Just be aware that there are lots and lots of hostile IP's. I'm not sure<br>
>> XML is the proper format to deliver those since that data file would<br>
>> balloon quite drastically :)<br>
>><br>
>> -Frank<br>
>><br>
>><br>
>><br>
>><br>
>> --<br>
>> It is said that the Internet is a public utility. As such, it is best<br>
>> compared to a sewer. A big, fat pipe with a bunch of crap sloshing<br>
>> against your ports.<br>
>><br>
>><br>
>> _______________________________________________<br>
>> Discussion mailing list<br>
>> <a href="mailto:Discussion@openinfosecfoundation.org">Discussion@openinfosecfoundation.org</a><br>
>> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/discussion" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/discussion</a><br>
>><br>
>><br>
>><br>
> _______________________________________________<br>
> Discussion mailing list<br>
> <a href="mailto:Discussion@openinfosecfoundation.org">Discussion@openinfosecfoundation.org</a><br>
> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/discussion" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/discussion</a><br>
><br>
><br>
<br>
_______________________________________________<br>
Discussion mailing list<br>
<a href="mailto:Discussion@openinfosecfoundation.org">Discussion@openinfosecfoundation.org</a><br>
<a href="http://lists.openinfosecfoundation.org/mailman/listinfo/discussion" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/discussion</a><br>
</div></div></blockquote></div><br></div>