Predictive dynamic blacklisting

24 July, 2008 (05:36) | prediction, security, software

Are they ever going to call it blocklisting and smurf listing or something? This black and white thing generates some bad press. ANYHOW…

SRI and SANS came up with this sweet predictive blacklist fun. It reminds me of what Symantec used to do with their free log reader software, Deepsight. Symantec used to give this log aggregation software away, feed all the data into its own servers and then provide threat analysis to its enterprise customers. Nobody had a free central log reader out for Windows clients then, so it seemed like a good idea at the time. I didn’t have time to read logs from over 1000 machines. Part of the image was the magic of Deepsight. I gave Symantec 1000 private IPs with DNS names to analyze and they gave me a daily email showing where my threats were coming from. It was even HTML email. OOooOOooOOoo. Anyhow, under the hood it was the same deal as this blacklist “predictor”, which predicts nothing… It shows you a current threat and distributes that data based on comparing some logs. Still cool stuff, just a funny name for free stuff. I expect it to cost money soon.
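To make the “comparing some logs” part concrete, here is a small added illustration (my own example, not SRI/SANS or Symantec code, and not their actual ranking method). It takes constructed firewall deny lines from four contributing sites, builds the naive shared blacklist (rank sources by how many sites saw them), and next to it a per-site “predictive” list where a source scores by how similar the sites that logged it are to you (Jaccard overlap of attacker sets; that weighting is my assumption). The point it shows: a source that hit sites whose attackers look like yours ranks first for you, and a site with no look-alike peers gets nothing useful from the correlation step, which is exactly why these services want as many contributors as possible.

```python
import re
from collections import defaultdict

# Constructed sample deny lines, one per (contributor, source) hit.
# The line format is made up for this example:
# "<time> <contributor> DENY src=<ip> dport=<port>"
SAMPLE_LOGS = """
2008-07-24T05:36:01 siteA DENY src=203.0.113.5 dport=22
2008-07-24T05:36:09 siteA DENY src=203.0.113.9 dport=445
2008-07-24T05:37:12 siteB DENY src=203.0.113.5 dport=22
2008-07-24T05:37:40 siteB DENY src=203.0.113.9 dport=445
2008-07-24T05:38:02 siteB DENY src=198.51.100.7 dport=3389
2008-07-24T05:38:30 siteC DENY src=203.0.113.5 dport=22
2008-07-24T05:39:05 siteC DENY src=198.51.100.7 dport=3389
2008-07-24T05:39:44 siteC DENY src=198.51.100.8 dport=1433
2008-07-24T05:40:10 siteD DENY src=192.0.2.44 dport=80
""".strip().splitlines()

LINE_RE = re.compile(r"^\S+ (?P<site>\S+) DENY src=(?P<src>[\d.]+) ")


def parse_logs(lines):
    """Aggregate deny lines into {contributor: set(source_ip)}."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            seen[m.group("site")].add(m.group("src"))
    return dict(seen)


def global_blacklist(seen):
    """Naive shared list: sources ranked by how many contributors logged them."""
    counts = defaultdict(int)
    for srcs in seen.values():
        for ip in srcs:
            counts[ip] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def jaccard(a, b):
    """Overlap of two attacker sets, 0.0 when both are empty."""
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def predictive_blacklist(seen, target):
    """Per-contributor list (assumed scheme): a source not yet seen by the
    target scores by the summed similarity of the peers that did log it."""
    mine = seen.get(target, set())
    scores = defaultdict(float)
    for peer, srcs in seen.items():
        if peer == target:
            continue
        weight = jaccard(mine, srcs)
        for ip in srcs - mine:
            scores[ip] += weight
    ranked = [(ip, round(s, 4)) for ip, s in scores.items() if s > 0]
    return sorted(ranked, key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    seen = parse_logs(SAMPLE_LOGS)
    print("shared list:", global_blacklist(seen))
    for site in sorted(seen):
        print(site, "->", predictive_blacklist(seen, site))
```

Running it, siteA gets 198.51.100.7 at the top (both of its look-alike peers logged it) while siteD, which shares no attackers with anyone, gets an empty predictive list and would have to fall back on the shared one.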

Now the open source community catches up! This is super cool. Hooray for open source that currently is exciting and will soon be purchased or boring and unsupported!
