[Discussion] What are we making? -- CLIENT Side

David Glosser david.glosser at gmail.com
Mon Oct 20 01:48:57 UTC 2008


Based on other conversations with Matt concerning malwaredomains & the
dns-bh list, there could be several BadNess lists/rules, hostility
within the previous 24 hours, previous 48 hrs, previous 96 hrs, 1
week, etc.

Then the data file would only be super large for the full "BadNess" list
and a few of the long ones.

Of course, "Enumerating Badness" is still reactive.

Matt, I know you've done things with predictive blacklisting
(http://www.emergingthreats.net/content/view/88/1/). Could this
research be leveraged as well?




On Sun, Oct 19, 2008 at 9:36 PM, Frank Knobbe <frank at knobbe.us> wrote:
> On Sun, 2008-10-19 at 14:30 -0500, Martin Holste wrote:
>> Right, but I envision the XML to be the source that scripts would
>> parse into whatever is needed, like router config, dns blocklists,
>> host files, search engine blacklists, etc.  The key would be to create
>> a standard capable of being specific enough to feed the lowest common
> denominator.
>
> Just be aware that there are lots and lots of hostile IPs. I'm not sure
> XML is the proper format to deliver those since that data file would
> balloon quite drastically :)
>
> -Frank
>
>
>
>
> --
> It is said that the Internet is a public utility. As such, it is best
> compared to a sewer. A big, fat pipe with a bunch of crap sloshing
> against your ports.
>
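The age-bucketed lists suggested in this thread, as an added example (not code from the thread or from any project mentioned in it): one timestamped source is split into 24 h / 48 h / 96 h / 1 week / full lists, and one list is rendered as hosts-file lines. The window names, the sample indicators, the sink address and the function names are assumptions made for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Windows named in the thread; "full" has no age limit.
WINDOWS = {"24h": timedelta(hours=24), "48h": timedelta(hours=48),
           "96h": timedelta(hours=96), "1week": timedelta(weeks=1), "full": None}

# Constructed sample data: (indicator, time hostility was last observed).
NOW = datetime(2008, 10, 20, tzinfo=timezone.utc)
SAMPLE = [
    ("bad-a.example", NOW - timedelta(hours=3)),
    ("192.0.2.10", NOW - timedelta(hours=30)),
    ("bad-b.example", NOW - timedelta(hours=70)),
    ("198.51.100.7", NOW - timedelta(days=5)),
    ("bad-c.example", NOW - timedelta(days=40)),
    ("bad-a.example", NOW - timedelta(days=20)),  # older duplicate sighting
]

def build_windows(entries, now):
    """Return {window name: sorted indicators last seen inside that window}."""
    latest = {}
    for indicator, seen in entries:
        # Only the most recent sighting decides which windows an entry is in.
        if indicator not in latest or seen > latest[indicator]:
            latest[indicator] = seen
    return {
        name: sorted(i for i, seen in latest.items()
                     # Future-dated sightings are treated as bad data and skipped.
                     if seen <= now and (span is None or now - seen <= span))
        for name, span in WINDOWS.items()
    }

def is_ip(value):
    """True if value parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def to_hosts(indicators, sink="127.0.0.1"):
    """Render domains as hosts-file lines; IPs belong in a router/firewall feed."""
    return [f"{sink} {name}" for name in indicators if not is_ip(name)]

if __name__ == "__main__":
    lists = build_windows(SAMPLE, NOW)
    for name, items in lists.items():
        print(f"{name:>6}: {len(items)} entries")
    print("\n".join(to_hosts(lists["96h"])))
```

Each window is a superset of the shorter ones, so only the long windows and the full list grow large, which is the size trade-off raised in the thread.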


