[Oisf-users] ip reputation

Matt Jonkman jonkman at jonkmans.com
Wed Jan 13 16:13:42 UTC 2010


Hey Pedro. 

That's the big challenge we're getting solved soon. The idea we're trying out is to have central hubs distribute changes to a centralized DB. Nodes of the hub would report their last update and the hub would send them the diff from the main. 

Maybe they'd load the initial db from a daily snapshot or something for a new sensor, then get the diffs for the day. Not sure there yet. But the concept is that hubs will distribute info to and receive from sensors. That info received will be assimilated and redistributed.

That answer your question?

Matt

On Jan 13, 2010, at 11:07 AM, Pedro Marinho wrote:

> Victor,
> 
> Thanks for the answer. I was just wondering how this works, if a Suricata sensor would have to periodically retrieve the IP reputation information or something.
> 
> 
> Message: 2
> Date: Tue, 12 Jan 2010 11:43:22 +0100
> From: Victor Julien <victor at inliniac.net>
> Subject: Re: [Oisf-users] ip reputation
> To: oisf-users at openinfosecfoundation.org
> Message-ID: <4B4C524A.9040508 at inliniac.net>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Pedro Marinho wrote:
> > Hello Gentlemen,
> >
> > I am trying to understand the IP reputation mechanism. Could anyone
> > explain or point a paper?
> > I see this graph here but I can't understand exactly how bad the
> > reputation is just by looking at it..
> > http://isc.sans.org/ipinfo.html?ip=202.111.175.157
> >
> > ps: newbie here
> 
> Hi Pedro, we currently have no working code yet that does ip reputation.
> We're expecting to have very basic functionality in about 2 to 3 weeks
> and more extensive support later.
> 
> Cheers,
> Victor
> 
> 
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> 
> 
> 
> ------------------------------
> 
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> 
> 


----------------------------------------------------
Matthew Jonkman
Emerging Threats
Open Information Security Foundation (OISF)
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
http://www.openinformationsecurityfoundation.org
----------------------------------------------------

PGP: http://www.jonkmans.com/mattjonkman.asc
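The hub/sensor delta scheme Matt sketches above (new sensors load a snapshot, existing ones send their last-seen version and receive only the diff, reported observations are assimilated and redistributed), as an added example that is not part of the original message and not Suricata's or OISF's code. The data model (ip -> {category: score}), the monotonic version counter, the bounded changelog that forces a re-snapshot when a sensor is too far behind, and the "highest score wins" merge rule are all assumptions; addresses in the demo are constructed TEST-NET values.

```python
"""Hub-to-sensor delta sync for a shared IP reputation DB (hypothetical)."""
from copy import deepcopy


class ReputationHub:
    """Central DB with a monotonically increasing version and a bounded changelog."""

    def __init__(self, history_limit=1000):
        self.version = 0
        self.db = {}            # ip -> {category: score}
        self.changelog = []     # (version, ip, category, score); score None = retired
        self.history_limit = history_limit

    def _record(self, ip, category, score):
        self.version += 1
        if score is None:
            self.db.get(ip, {}).pop(category, None)
            if ip in self.db and not self.db[ip]:
                del self.db[ip]
        else:
            self.db.setdefault(ip, {})[category] = score
        self.changelog.append((self.version, ip, category, score))
        # Bounded history window: sensors older than it must re-snapshot.
        if len(self.changelog) > self.history_limit:
            del self.changelog[: len(self.changelog) - self.history_limit]

    def assimilate(self, observations):
        """Merge (ip, category, score) reports; the highest score seen wins (assumed rule)."""
        for ip, category, score in observations:
            if score > self.db.get(ip, {}).get(category, 0):
                self._record(ip, category, score)

    def retire(self, ip, category):
        if category in self.db.get(ip, {}):
            self._record(ip, category, None)

    def snapshot(self):
        return "snapshot", self.version, deepcopy(self.db)

    def diff_since(self, since_version):
        """Changes newer than since_version, or a full snapshot if history is gone."""
        oldest = self.changelog[0][0] if self.changelog else self.version + 1
        if since_version < oldest - 1:        # gap in history: cannot build a diff
            return self.snapshot()
        latest = {}                            # collapse repeated updates per key
        for version, ip, category, score in self.changelog:
            if version > since_version:
                latest[(ip, category)] = score
        changes = [(ip, cat, score) for (ip, cat), score in latest.items()]
        return "diff", self.version, changes


class Sensor:
    """A node that bootstraps from a snapshot, then pulls diffs."""

    def __init__(self, hub):
        self.hub = hub
        self.db = {}
        self.version = -1                      # never synced: first pull is a snapshot

    def sync(self):
        kind, version, payload = self.hub.diff_since(self.version)
        if kind == "snapshot":
            self.db = payload
        else:
            for ip, category, score in payload:
                if score is None:
                    self.db.get(ip, {}).pop(category, None)
                    if ip in self.db and not self.db[ip]:
                        del self.db[ip]
                else:
                    self.db.setdefault(ip, {})[category] = score
        self.version = version
        return kind, len(payload)

    def lookup(self, ip):
        return self.db.get(ip, {})

    def report(self, observations):
        self.hub.assimilate(observations)


def demo():
    """Constructed walk-through (TEST-NET addresses); returns what each sync did."""
    hub = ReputationHub(history_limit=3)
    hub.assimilate([("203.0.113.5", "Scanner", 80), ("198.51.100.9", "Spam", 40)])
    a, b = Sensor(hub), Sensor(hub)
    first_a, first_b = a.sync(), b.sync()              # both receive a snapshot
    a.report([("203.0.113.5", "Scanner", 95), ("203.0.113.5", "C2", 60)])
    second_b = b.sync()                                # diff carrying a's two updates
    hub.retire("198.51.100.9", "Spam")
    hub.assimilate([("192.0.2.77", "Malware", 70)])    # changelog now holds v4..v6
    third_a = a.sync()                                 # a is at v2: too old, re-snapshot
    return first_a, first_b, second_b, third_a, b.lookup("203.0.113.5"), a.lookup("198.51.100.9")


if __name__ == "__main__":
    print(demo())
```

The `since_version < oldest - 1` check is the part worth getting right: a sensor at version v has everything up to v, so it can be served a diff only if the changelog still starts at v+1 or earlier; anything older falls back to the daily-snapshot path the message describes.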
