quietly....
On 2/4/2011 9:25 PM, George Bonser wrote:
> Maybe because it is just easier to do a transparent redirect to the ISPs
> mail server and look for patterns there.
Analyzing flows generally isn't any more difficult than analyzing mail
log patterns. It doesn't have the queue and check mechanism of a
transparent redirect, but transparent redirects break certain types of
mail connections as well. It is good practice for an ISP to run flow
analysis anyways to detect bad traffic patterns.
What I really want and haven't had time to write is a good procedure
that establishes dynamic policies for flow pattern matches which causes
the suspect packets to start tag switching to an analysis server where
they are examined more closely before actual filters are updated.
I'd really like to see standards developed which router vendors
supported to make such dynamic policies easier to update, along with the
filters themselves. Perhaps we'll see it after more pressing IPv6
concerns are addressed.
Jack
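
A sketch of the two-stage idea in the message above, as an added example that is not part of the original post or any vendor's mechanism: a flow pattern match only marks a source for diversion to an analysis server, and a filter is set only after that server returns a verdict. The flow records, the fan-out threshold, and all function and state names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, packets). Not real traffic.
FLOWS = (
    [("192.0.2.10", f"198.51.100.{i}", 25, 12) for i in range(1, 41)]   # SMTP fan-out
    + [("192.0.2.20", "198.51.100.5", 25, 30)] * 3                       # one relay, repeated
    + [("192.0.2.30", f"203.0.113.{i}", 443, 8) for i in range(1, 60)]   # web, not SMTP
)

SMTP_PORT = 25
FANOUT_THRESHOLD = 20  # assumed: distinct SMTP destinations per collection window


def smtp_fanout(flows):
    """Map each source to the set of distinct hosts it contacted on TCP/25."""
    peers = defaultdict(set)
    for src, dst, dport, _pkts in flows:
        if dport == SMTP_PORT:
            peers[src].add(dst)
    return peers


def suspects(flows, threshold=FANOUT_THRESHOLD):
    """Stage 1: flow pattern match. Names sources to divert, not to block."""
    return sorted(s for s, d in smtp_fanout(flows).items() if len(d) >= threshold)


def update_policy(policy, flows, verdicts):
    """Stage 2: promote a diverted source to 'filter' only on a confirmed verdict.

    policy:   dict src -> 'divert' | 'filter' | 'cleared'
    verdicts: dict src -> bool, as reported by the analysis server (hypothetical input)
    """
    new = dict(policy)
    for src in suspects(flows):
        new.setdefault(src, "divert")  # known sources keep their current state
    for src, state in list(new.items()):
        if state == "divert" and src in verdicts:
            new[src] = "filter" if verdicts[src] else "cleared"
    return new


if __name__ == "__main__":
    stage1 = update_policy({}, FLOWS, {})
    print("after flow match:", stage1)
    print("after analysis:  ", update_policy(stage1, FLOWS, {"192.0.2.10": True}))
```

A source the analysis server clears stays in the `cleared` state, so the same flow pattern does not divert it again on the next pass.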