[scg-sec] Worth our time? FW: Invitation: Workshop on Datasets for Network Security
Jared Mauch
jared at puck.nether.net
Sun Jan 11 15:14:52 EST 2004
On Jan 11, 2004, at 2:26 AM, Christopher L. Morrow wrote:
> I agree with your questions to the originator in your follow-up
> email...
> What 'datasets' are they looking for that can't be made by an AdTran or
> Ixia?
>
>
Ok, so perhaps it may not be as transparent as this but ..
I suspect this could be a pretense to them wanting to make some
proposal for IDS type systems in order to allow DHS (and other
agencies) to collect information about various attack profiles. I
think we all clearly know that real-world traffic is valuable.
Millions are spent at Cisco (and elsewhere) to try to simulate this
traffic in their labs to detect subtle software bugs that occur under
some strange conditions.
They may be interested in hearing what data that we have to share that
we've collected.
e.g., I've seen mostly proto 0/255 attacks, vs ICMP flood, vs UDP flood,
etc.
I do wish that if this is the path they're going, they will also be
doing this jointly with DOJ/FBI types in order to get a responsive
avenue in order to deal with DoS incidents. This combined with some
software liability legislation (Hello Redmond!) that phases in over the
next 10 years might help.
- Jared
(just my .02)