[scg-sec] Worth our time? FW: Invitation: Workshop on Datasets for Network Security
Christopher L. Morrow
chris at UU.NET
Mon Jan 12 02:58:51 EST 2004
On Mon, 12 Jan 2004, Sean Donelan wrote:
> On Sun, 11 Jan 2004, Jared Mauch wrote:
> > Barry, (i was thinking about calling you about this anyways ..)
> > I'm a bit concerned that the desire by DHS to create as is called
> > "national-level" testbeds will exclude those providers that have
> > built a network with the global perspective in mind as opposed to those
> > that are only concerned with "protecting our national interests".
>
> I'm getting a lot of requests for data about, on and sniffed from
> our networks.
not that we can provide this data anyway... without a court order, then
only very specific data, à la Carnivore.
>
> Extending CALEA to ISPs, establishing a national early warning
> cyber-monitoring center, collecting large scale test sets for
> product evaluations.
>
> How does this help ISPs?
it doesn't really... ISPs (large ones at least) already deal with DoS/DDoS
today. We beat down vendors to do the 'right thing' and mostly they comply
after a fashion. In the long term though, research that the Gov't sponsors
we'd (in the uunet we, not the isp's we) like to see research on removing
the control plane from the data path... working out the sticky points of
this is what would really help ISP/NSP's in the DoS/DDoS realm. All this
IDS crapola and 'how do I filter this?' is just delaying the inevitable.
The vendors are working 'ok' toward the short term goals (line rate
filtering on all interfaces without performance impacts), but no one is
working out the 5 year plan.
>
> A large scale test set to evaluate IDS systems only makes sense
> if ISPs are planning to deploy large-scale IDS systems. How many
> ISPs have plans to deploy such systems? Does DHS plan to deploy
none. (at least no smart ones)
> such systems on ISP networks, which is driving their requirement
DHS can, on their links to the internet, or on all US Gov't links to the
internet...
Sorry for the harshness, but let's focus on what matters, not another IDS
that is pointless and will not help out in the least.