[Oisf-users] ip reputation

Pedro Marinho pppmarinho at gmail.com
Thu Jan 14 19:57:42 UTC 2010


Matt,

Thank you for the answer. That definitely answers my question. So it will
have to learn.. I mean the centralized DB will have to learn before it
passes this knowledge. That is very interesting..

2010/1/13 Matt Jonkman <jonkman at jonkmans.com>

> Hey Pedro.
>
> That's the big challenge we're getting solved soon. The idea we're trying
> out is to have central hubs distribute changes to a centralized DB. Nodes of
> the hub would report their last update and the hub would send them the diff
> from the main.
>
> Maybe they'd load the initial db from a daily snapshot or something for a
> new sensor then get the diffs for the day. Not sure there yet. But the
> concept is that hubs will distribute info to and receive from sensors. That
> info received will be assimilated and redistributed.
>
> That answer your question?
>
> Matt
>
> On Jan 13, 2010, at 11:07 AM, Pedro Marinho wrote:
>
> > Victor,
> >
> > Thanks for the answer. I was just wondering how this works.. if a
> > Suricata sensor would have to periodically retrieve the IP reputation
> > information or something..
> >
> >
> > Message: 2
> > Date: Tue, 12 Jan 2010 11:43:22 +0100
> > From: Victor Julien <victor at inliniac.net>
> > Subject: Re: [Oisf-users] ip reputation
> > To: oisf-users at openinfosecfoundation.org
> > Message-ID: <4B4C524A.9040508 at inliniac.net>
> > Content-Type: text/plain; charset=ISO-8859-1
> >
> > Pedro Marinho wrote:
> > > Hello Gentlemen,
> > >
> > > I am trying to understand the IP reputation mechanism. Could anyone
> > > explain or point to a paper?
> > > I see this graph here but I can't understand exactly how bad the
> > > reputation is just by looking at it..
> > > http://isc.sans.org/ipinfo.html?ip=202.111.175.157
> > >
> > > ps: newbie here
> >
> > Hi Pedro, we currently have no working code yet that does ip reputation.
> > We're expecting to have very basic functionality in about 2 to 3 weeks
> > and more extensive support later.
> >
> > Cheers,
> > Victor
> >
> >
> > --
> > ---------------------------------------------
> > Victor Julien
> > http://www.inliniac.net/
> > PGP: http://www.inliniac.net/victorjulien.asc
> > ---------------------------------------------
> >
> >
> >
> > ------------------------------
> >
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
>
>
> ----------------------------------------------------
> Matthew Jonkman
> Emerging Threats
> Open Information Security Foundation (OISF)
> Phone 765-429-0398
> Fax 312-264-0205
> http://www.emergingthreats.net
> http://www.openinformationsecurityfoundation.org
> ----------------------------------------------------
>
> PGP: http://www.jonkmans.com/mattjonkman.asc
>
>
>
>
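
The update flow described in the quoted reply (a new sensor loads a snapshot, then each node reports its last update and the hub sends the diff), sketched as an added example that is not part of the original thread and is not Suricata or OISF code. The `Hub` and `Sensor` classes, the integer versions, the last-report-wins scoring and the documentation-range IP addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Hub:
    """Hypothetical hub: main reputation DB plus an ordered change log."""
    db: dict = field(default_factory=dict)    # ip -> score (constructed scale)
    log: list = field(default_factory=list)   # (version, ip, score or None)
    version: int = 0
    oldest_diff: int = 0                      # changes at or below this are compacted

    def report(self, ip, score):
        """Assimilate a sensor report; assumption: last report wins, None removes."""
        self.version += 1
        if score is None:
            self.db.pop(ip, None)
        else:
            self.db[ip] = score
        self.log.append((self.version, ip, score))

    def compact(self, upto):
        """Discard old log entries, e.g. once a daily snapshot has been cut."""
        self.log = [e for e in self.log if e[0] > upto]
        self.oldest_diff = upto

    def sync(self, last_update):
        """Answer a node that reported last_update with a snapshot or a diff."""
        if last_update is None or last_update < self.oldest_diff:
            return "snapshot", dict(self.db), self.version  # new or too stale
        changes = [(ip, s) for v, ip, s in self.log if v > last_update]
        return "diff", changes, self.version

@dataclass
class Sensor:
    """Hypothetical sensor holding a local copy of the reputation data."""
    db: dict = field(default_factory=dict)
    last_update: Optional[int] = None

    def pull(self, hub):
        kind, payload, version = hub.sync(self.last_update)
        if kind == "snapshot":
            self.db = payload
        else:
            for ip, score in payload:         # replay changes in log order
                if score is None:
                    self.db.pop(ip, None)
                else:
                    self.db[ip] = score
        self.last_update = version
        return kind
```

A sensor whose last update predates the hub's retained change log cannot be brought current from a diff, so the sketch falls back to a full snapshot for it, the same path a new sensor takes.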