[nsp-sec] Pre-classified netflow samples

Sebastian Abt sa at rh-tec.de
Wed Sep 3 06:01:56 EDT 2008


* Smith, Donald wrote:
> Ok then you might be interested in this
> http://www.indiana.edu/~renisac/monitoring.cgi they have sanitized
> netflow available also.

Thanks.  Let's see what they have and what they're willing to share...

> It is interesting. I would like to be able to do it because I want to
> be able to train my tier two in what various attacks look like and an
> open repository for examples and explanation would be helpful.

My intention was more in training algorithms, but using it to train
operations is another interesting point, indeed.

> But that would require time both to perform the initial analysis and
> sanitization.  If I created netflow in the lab using known attack
> tools I wouldn't have to sanitize but again there is a decent amount
> of work required. 

Yes, that's basically the reason why I asked if already classified
examples are available anywhere.  Unfortunately this doesn't seem to be
the case, so I'll probably have to spend the time analyzing some of our
flows or simulating attacks in the lab.


thanks,
sebastian

-- 
fon: +49 69 95411 15  e-mail: sa at rh-tec.de
fax: +49 69 95411 45  mobile: +49 69 95411 55
rh-tec Business GmbH  http://www.rh-tec.de/
Ringstrasse 36        32584 Loehne
Geschaeftsfuehrer:    Gerhard Roehrmann
Registergericht:      AG Bad Oeynhausen, HRB 8112 
