Tuesday, April 19, 2005

Things I have been thinking about...

Internet Traffic Analysis: This has long been a major topic at NANOG. I have heard several interesting discussions concerning tracking where spikes in the infrastructure are coming from, and their destinations. Here and Here. I am more curious about seismic-like data concerning massed DDoS attacks. Symantec has a product called DeepSight similar to what I am thinking about; I am not sure whether there are other vendors with similar products.

I am interested in seeing a database that has remote probes scattered across the internet colo'd at prime target destination subnets collecting and analyzing inbound traffic. The model looks like a worldwide IDS, learning about new traffic and attacks as they are being assembled. The idea needs some more work. Just rolling it around in my head at the moment.

Comments:

Anonymous said...

Certainly an interesting Computer Science problem to solve...

Some interesting insights can be gleaned from the following URL, citing a recent publication on DDoS...what's of most import is the listing of vendors at the bottom, some of them able to provide the ability to "watch" up to millions of addresses at "WireSpeed"...

http://www.bookpool.com/sm/0131475738

Schneier has often commented on what a tricky problem this can be...especially when the root servers are getting hit...

-Troy
