[Discussion] What are we making? -- CLIENT Side

Matt Jonkman jonkman at jonkmans.com
Mon Oct 20 17:44:45 UTC 2008


I think it's less important (at least at this point) that we identify the
exact format than to decide the kind of data we'll deal in as mentioned
in another post.

How it's stored in the engine in ways that it's quickly usable is a
separate issue. For the push mechanism, I don't see how we can move that much
data without it being a binary stream. The overhead of xml and others is
way too high for moving thousands of blocks/reputation changes.

But we can easily have that data available to be pushed to outside tools
similar to unified_output into whatever format the end tool requires.

Matt

Jason Lewis wrote:
> I think you have to do both.  XML for data description and
> communications....and the binary for passing the actual data.
> 
> Jeremy wrote:
>> I would have to agree with this and would venture to say a custom
>> indexed binary format would be best for this, and not a plain text xml
>> file.  Much like MaxMind's GeoIP and ASN database files.
>>
>> --jeremy
>>
>> On Sun, Oct 19, 2008 at 8:36 PM, Frank Knobbe <frank at knobbe.us> wrote:
>>   
>>> On Sun, 2008-10-19 at 14:30 -0500, Martin Holste wrote:
>>>     
>>>> Right, but I envision the XML to be the source that scripts would
>>>> parse into whatever is needed, like router config, dns blocklists,
>>>> host files, search engine blacklists, etc.  The key would be to create
>>>> a standard capable of being specific enough to feed the lowest common
>>>> denominator.
>>>>       
>>> Just be aware that there are lots and lots of hostile IPs. I'm not sure
>>> XML is the proper format to deliver those since that data file would
>>> balloon quite drastically :)
>>>
>>> -Frank
>>>
>>>
>>>
>>>
>>> --
>>> It is said that the Internet is a public utility. As such, it is best
>>> compared to a sewer. A big, fat pipe with a bunch of crap sloshing
>>> against your ports.
>>>
>>>
>>> _______________________________________________
>>> Discussion mailing list
>>> Discussion at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/discussion
>>>
>>>
>>>     
>>
>>   
> 

-- 
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
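
To put numbers on the size concern raised in this thread, here is an added example (not code from any poster or from the project) that encodes one constructed reputation list both as XML and as sorted fixed-width binary records, then looks an address up by binary search. The element names, the 5-byte record layout and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import struct
from xml.etree import ElementTree as ET

# Assumed record layout: 4-byte IPv4 address + 1-byte score, network byte order.
RECORD = struct.Struct("!IB")


def sample_entries(n=5000):
    """Constructed sample data: addresses from 198.18.0.0/15 (benchmark range)."""
    base = int(ipaddress.IPv4Address("198.18.0.0"))
    return [(base + i * 7, (i * 37) % 256) for i in range(n)]


def to_xml(entries):
    """One <host> element per address (hypothetical schema)."""
    root = ET.Element("reputation")
    for ip, score in entries:
        ET.SubElement(root, "host", ip=str(ipaddress.IPv4Address(ip)), score=str(score))
    return ET.tostring(root)


def to_binary(entries):
    """Sorted fixed-width records, so the blob is its own index."""
    return b"".join(RECORD.pack(ip, score) for ip, score in sorted(entries))


def lookup(blob, ip_text):
    """Binary search over the records; returns the score or None."""
    target = int(ipaddress.IPv4Address(ip_text))
    lo, hi = 0, len(blob) // RECORD.size
    while lo < hi:
        mid = (lo + hi) // 2
        ip, score = RECORD.unpack_from(blob, mid * RECORD.size)
        if ip == target:
            return score
        if ip < target:
            lo = mid + 1
        else:
            hi = mid
    return None


def compare(n=5000):
    """Return (xml_bytes, binary_bytes) for the same n entries."""
    entries = sample_entries(n)
    return len(to_xml(entries)), len(to_binary(entries))


if __name__ == "__main__":
    xml_size, bin_size = compare()
    print(f"XML: {xml_size} bytes, binary: {bin_size} bytes, ratio {xml_size / bin_size:.1f}x")
```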




