[Discussion] What are we making? -- CLIENT Side
Martin Holste
mcholste at gmail.com
Mon Oct 20 03:54:38 UTC 2008
Right, you could do database-driven lookups based on addresses contained in
the binary format which would return a descriptive result. As a regular
user of their database, I agree with Jeremy that the MaxMind model is a good
one for this kind of thing.
On Sun, Oct 19, 2008 at 8:49 PM, Jason Lewis <jlewis at packetnexus.com> wrote:
> I think you have to do both. XML for data description and
> communications....and the binary for passing the actual data.
>
> Jeremy wrote:
> > I would have to agree with this and would venture to say a custom
> > indexed binary format would be best for this, and not a plain text xml
> > file. Much like Maxminds GeoIP and ASN database files.
> >
> > --jeremy
> >
> > On Sun, Oct 19, 2008 at 8:36 PM, Frank Knobbe <frank at knobbe.us> wrote:
> >
> >> On Sun, 2008-10-19 at 14:30 -0500, Martin Holste wrote:
> >>
> >>> Right, but I envision the XML to be the source that scripts would
> >>> parse into whatever is needed, like router config, dns blocklists,
> >>> host files, search engine blacklists, etc. The key would be to create
> >>> a standard capable of being specific enough to feed the lowest common
> >>> demoninator.
> >>>
> >> Just be aware that there are lots and lots of hostile IP's. I'm not sure
> >> XML is the proper format to deliver those since that data file would
> >> balloon quite drastically :)
> >>
> >> -Frank
> >>
> >>
> >>
> >>
> >> --
> >> It is said that the Internet is a public utility. As such, it is best
> >> compared to a sewer. A big, fat pipe with a bunch of crap sloshing
> >> against your ports.
> >>
> >>
> >> _______________________________________________
> >> Discussion mailing list
> >> Discussion at openinfosecfoundation.org
> >> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
> >>
> >>
> >>
> > _______________________________________________
> > Discussion mailing list
> > Discussion at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
> >
> >
>
> _______________________________________________
> Discussion mailing list
> Discussion at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/discussion/attachments/20081019/ab0636fa/attachment-0002.html>
More information about the Discussion
mailing list