[Discussion] toward what goal?

Jack Pepper pepperjack at autoshun.org
Fri Oct 17 16:23:23 UTC 2008


Quoting Matt Jonkman <jonkman at jonkmans.com>:

>
> Great ideas so far everyone! Please keep the discussion going, and let's
> explore some of the less traditional possibilities. The strangest idea
> wins a beer!
>

Here's a strange idea:
   Rather than deciding how to build it or what to build, try to figure out what you would want to do with it. Otherwise you may end up building something which is totally, *totally* cool, but has no practical application (à la GNU/Hurd).
   So here's my theoretical brain exercise:
     "If the " +
     [ insert your choice of constituency here, as in CIO / Network Admin / Switch Vendor / Defence Department ] +
     "had perfect visibility into the activities of " +
     [ insert sensor medium here, as in Network Traffic, server or firewall Event Logs, Network Solutions' invoicing system, Paris Hilton's Cell Phone ] +
     "with an AI engine and associated toolkit for data drilling and correlation, what defensive or offensive actions could they take that are not currently feasible or practicable?"

When this is clear in our minds, we will know better what to build. If you just want to build a better Snort, that sounds quite pointless, given that Snort has evolved already to become the best packet content scanner on the market. All the downsides of Snort involve the input, output, actionable outputs, reporting actions, rule parsing limitations, limitations of the host OS, problems with PCI adapter limitations, DMA speeds, PCI-X limitations, etc., etc. The core engine and architecture are very nicely adapted (as in evolution/natural selection) to the task at hand.

To be truly revolutionary (relative to current technologies) the problem needs to be narrowed toward some action we wish to take that is not currently possible or reasonable. Consider:
   1962: single goal of high altitude observation built the YF12/SR71
   1969: single goal of highly survivable communications built the DarpaNet
   1978: single goal of radar evasion built the F117/B2
(Those three lines should trigger an off-topic flame war; I didn't go look up the dates, I'm just working from an old guy's memory.)

To be worthy of the challenge, the team goal needs to be highly focused. Then it will be possible to achieve great things. What is the goal? What is the point?

We all know how to build a mega-Snort box, but no one does it because there is no reason to do it. Can't sell it, no one would buy it, don't really need it, and don't have $200,000 just lying about. Mega-Snort doesn't really get us very far toward the goal.

My 2c.

jp

----------------------------------------------------------------
@fferent Security Labs:  Isolate/Insulate/Innovate
http://www.afferentsecurity.com