[Discussion] Features - Paran-o-meter

Matt Jonkman jonkman at jonkmans.com
Fri Oct 17 20:49:06 UTC 2008


Good idea. I had something in mind like there being categories for each
IP, and an overall average.

The user could if they like weight certain categories higher in that
average and then make decisions on either that average or certain
categories. A list of thresholds essentially and their level of pain
acceptable.

Similar again to SpamAssassin, warn at this level, block above this
level. But in this case warn would be adding a few points to their alert
threshold, sort of putting that IP on probation, slightest wrong move
and they're out. And vice versa, a spectacularly good reputation
(predefined partners, Google, Yahoo, etc.) would have points reduced from
their alert threshold so they'd have to REALLY screw up to get blocked.

Make sense?

matt


Rob, grandpa of Ryan, Trevor, Devon & Hannah wrote:
> Date sent:      	Thu, 16 Oct 2008 21:00:32 -0400
> From:           	Matt Jonkman <jonkman at jonkmans.com>
> 
>> 2. IP Reputation Sharing
> 
>> 5. Scoring
> 
> Along with both of these (and addressing some of the issues raised in regard to 
> them), user-settable levels of paranoia.  (Not too *easily* user-settable, mind you.)
> 
> ======================  (quote inserted randomly by Pegasus Mailer)
> rslade at vcn.bc.ca     slade at victoria.tc.ca     rslade at computercrime.org
> What a waste it is to lose one's mind.  Or not to have a mind is
> being very wasteful.  How true that is.                 - Dan Quayle
> victoria.tc.ca/techrev/rms.htm blogs.securiteam.com/index.php/archives/author/p1/

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
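
The scheme sketched in the message above, as an added example that is not code from the thread or from any project it refers to: per-category scores per IP, a user-weighted overall average, warn and block thresholds, and a per-IP point adjustment for probation or for predefined partners. The 0-100 "higher is worse" scale, the category names, the point values, the reading of "points added to the alert threshold" as an offset on the IP's score, and all names in the code are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    weights: dict                 # category -> weight in the overall average
    warn: float                   # adjusted score that puts an IP on probation
    block: float                  # adjusted score above which the IP is blocked
    category_block: dict = field(default_factory=dict)  # per-category limits
    probation_points: float = 15.0   # added once an IP has been warned
    trusted_points: float = -30.0    # applied to predefined partners

def overall(scores, weights):
    """Weighted average of per-category scores (0-100, higher is worse)."""
    total = sum(weights.get(c, 1.0) for c in scores)
    if total == 0:
        return 0.0
    return sum(s * weights.get(c, 1.0) for c, s in scores.items()) / total

class Reputation:
    def __init__(self, policy, trusted=()):
        self.policy = policy
        self.trusted = set(trusted)
        self.probation = set()

    def offset(self, ip):
        p = self.policy
        return ((p.trusted_points if ip in self.trusted else 0.0)
                + (p.probation_points if ip in self.probation else 0.0))

    def decide(self, ip, scores):
        p, off = self.policy, self.offset(ip)
        # A single category over its own limit blocks regardless of the average.
        if any(scores.get(c, 0.0) + off > lim for c, lim in p.category_block.items()):
            return "block"
        adjusted = overall(scores, p.weights) + off
        if adjusted > p.block:
            return "block"
        if adjusted >= p.warn:
            self.probation.add(ip)   # next decision starts closer to "block"
            return "warn"
        return "allow"

# Constructed sample policy: made-up weights and thresholds.
POLICY = Policy(weights={"scan": 1, "spam": 1, "malware": 3}, warn=40, block=60,
                category_block={"malware": 90})
```

With this policy, an IP that has been warned once is blocked by a score that would only earn a warning for an IP with no history, while a trusted address with the same raw scores as a blocked one is still allowed.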




