Matt,<br><br>Thank you for the answer. That definitely answers my question. So it will have to learn... I mean, the centralized DB will have to learn before it passes this knowledge. That is very interesting.<br><br><div class="gmail_quote">
2010/1/13 Matt Jonkman <span dir="ltr"><<a href="mailto:jonkman@jonkmans.com" target="_blank">jonkman@jonkmans.com</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hey Pedro.<br>
<br>
That's the big challenge we're getting solved soon. The idea we're trying out is to have central hubs distribute changes to a centralized DB. Nodes of the hub would report their last update and the hub would send them the diff from the main.<br>


<br>
Maybe they'd load the initial DB from a daily snapshot or something for a new sensor, then get the diffs for the day. Not sure there yet. But the concept is that hubs will distribute info to and receive from sensors. That info received will be assimilated and redistributed.<br>


<br>
That answer your question?<br>
<br>
Matt<br>
<div><div></div><div><br>
On Jan 13, 2010, at 11:07 AM, Pedro Marinho wrote:<br>
<br>
> Victor,<br>
><br>
> Thanks for the answer. I was just wondering how this works... if a Suricata sensor would have to periodically retrieve the IP reputation information or something.<br>
><br>
><br>
> Message: 2<br>
> Date: Tue, 12 Jan 2010 11:43:22 +0100<br>
> From: Victor Julien <<a href="mailto:victor@inliniac.net" target="_blank">victor@inliniac.net</a>><br>
> Subject: Re: [Oisf-users] ip reputation<br>
> To: <a href="mailto:oisf-users@openinfosecfoundation.org" target="_blank">oisf-users@openinfosecfoundation.org</a><br>
> Message-ID: <<a href="mailto:4B4C524A.9040508@inliniac.net" target="_blank">4B4C524A.9040508@inliniac.net</a>><br>
> Content-Type: text/plain; charset=ISO-8859-1<br>
><br>
> Pedro Marinho wrote:<br>
> > Hello Gentlemen,<br>
> ><br>
> > I am trying to understand the IP reputation mechanism. Could anyone<br>
> > explain or point to a paper?<br>
> > I see this graph here but I can't understand exactly how bad the<br>
> > reputation is just by looking at it.<br>
> > <a href="http://isc.sans.org/ipinfo.html?ip=202.111.175.157" target="_blank">http://isc.sans.org/ipinfo.html?ip=202.111.175.157</a><br>
> ><br>
> > PS: newbie here<br>
><br>
> Hi Pedro, we currently have no working code yet that does ip reputation.<br>
> We're expecting to have very basic functionality in about 2 to 3 weeks<br>
> and more extensive support later.<br>
><br>
> Cheers,<br>
> Victor<br>
><br>
><br>
> --<br>
> ---------------------------------------------<br>
> Victor Julien<br>
> <a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
> PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
> ---------------------------------------------<br>
><br>
><br>
><br>
> ------------------------------<br>
><br>
> _______________________________________________<br>
> Oisf-users mailing list<br>
> <a href="mailto:Oisf-users@openinfosecfoundation.org" target="_blank">Oisf-users@openinfosecfoundation.org</a><br>
> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
><br>
><br>
> End of Oisf-users Digest, Vol 2, Issue 7<br>
> ****************************************<br>
<br>
<br>
</div></div>----------------------------------------------------<br>
Matthew Jonkman<br>
Emerging Threats<br>
Open Information Security Foundation (OISF)<br>
Phone 765-429-0398<br>
Fax 312-264-0205<br>
<a href="http://www.emergingthreats.net" target="_blank">http://www.emergingthreats.net</a><br>
<a href="http://www.openinformationsecurityfoundation.org" target="_blank">http://www.openinformationsecurityfoundation.org</a><br>
----------------------------------------------------<br>
<br>
PGP: <a href="http://www.jonkmans.com/mattjonkman.asc" target="_blank">http://www.jonkmans.com/mattjonkman.asc</a><br>
<br>
<br>
<br>
</blockquote></div><br>
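A sketch of the hub/sensor exchange Matt outlines above (sensor reports its last update, hub returns the diff, a new or stale sensor loads a snapshot), added here as an illustration and not taken from the thread or from Suricata's code. The <code>Hub</code> and <code>Sensor</code> classes, the sequence numbers, the numeric scores and the log compaction are all assumptions of this sketch.<br>

```python
import ipaddress

class Hub:
    """Central DB plus an append-only change log (a design assumed for this sketch)."""
    def __init__(self):
        self.db = {}      # ip -> reputation score (score scale is hypothetical)
        self.log = []     # (seq, ip, score), score None meaning "entry removed"
        self.seq = 0      # sequence number of the newest change
        self.floor = 0    # changes with seq <= floor were compacted away

    def assimilate(self, ip, score):
        """Record a sensor report (or a removal when score is None) as a new change."""
        ip = str(ipaddress.ip_address(ip))   # raises ValueError on malformed input
        if self.db.get(ip) == score:
            return self.seq                  # nothing changed, nothing to redistribute
        self.seq += 1
        if score is None:
            self.db.pop(ip, None)
        else:
            self.db[ip] = score
        self.log.append((self.seq, ip, score))
        return self.seq

    def snapshot(self):
        """Compact the log; sensors further behind must reload the full DB."""
        self.floor, self.log = self.seq, []

    def sync(self, last_seq):
        """Answer a sensor that reports the sequence number of its last update."""
        if last_seq < self.floor or last_seq > self.seq:
            return {"type": "snapshot", "seq": self.seq, "db": dict(self.db)}
        changes = [c for c in self.log if c[0] > last_seq]
        return {"type": "diff", "seq": self.seq, "changes": changes}

class Sensor:
    def __init__(self):
        self.db, self.last_seq = {}, 0

    def update(self, hub):
        """Pull from the hub and apply either the snapshot or the diff."""
        reply = hub.sync(self.last_seq)
        if reply["type"] == "snapshot":
            self.db = reply["db"]
        else:
            for _seq, ip, score in reply["changes"]:
                if score is None:
                    self.db.pop(ip, None)
                else:
                    self.db[ip] = score
        self.last_seq = reply["seq"]
        return reply["type"]
```

A sensor whose reported sequence number is ahead of the hub's (for example after a hub rebuild) is also sent a snapshot, so it cannot keep entries the central DB no longer holds.<br>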