[Discussion] Features - egress

Martin Holste mcholste at gmail.com
Fri Oct 17 19:05:32 UTC 2008


Agreed!  There's also the point that scanning clients' egress traffic can
indicate whether a malware infection was successful or not.  Customers don't
care much about attacks, they care about compromises, and while being aware
of unsuccessful attacks is important to us so that we can warn others, it's
not the top priority.

--Martin

On Fri, Oct 17, 2008 at 2:44 PM, Rob, grandpa of Ryan, Trevor, Devon &
Hannah <rMslade at shaw.ca> wrote:

> Date sent:              Thu, 16 Oct 2008 21:00:32 -0400
> From:                   Matt Jonkman <jonkman at jonkmans.com>
>
> > Here's the big thread. And don't be afraid to start sub-threads for
> > specifics here.
>
> OK  :-)
>
> > OK, those are my initial wish list items. Who has more? What else should
> > we do?
>
> Allow me to throw in a strong push for including egress scanning and
> analysis.  We tend to get fixated on the traditional bastion position, with
> the bad guys all on the outside and everything inside is pure.  In the
> current malware-rich environment that is untenable.  We also can gain a lot
> more granular information (in addition to the defence-in-depth backstop)
> from egress scanning, since we have a much better idea of what *should* be
> leaving our nets.
>
> ======================  (quote inserted randomly by Pegasus Mailer)
> rslade at vcn.bc.ca     slade at victoria.tc.ca     rslade at computercrime.org
> I appreciate the fact that this draft was done in haste, but
> some of the sentences that you are sending out in the world to
> do your work for you are loitering in taverns or asleep beside
> the highway.
>           -- Dr. Dwight Van de Vate, Professor of Philosophy,
>                   University of Tennessee at Knoxville
> victoria.tc.ca/techrev/rms.htm
> blogs.securiteam.com/index.php/archives/author/p1/