|
The guys at Openpacket.org are finally out of development and have released a working project. This has been in the works for a while, and is a VERY much needed service for the security and networking community. The basic idea is us in the community submit pcaps to openpacket, they archive and index them. Why would this be useful? I'll tell ya. How many times have you gone to write a signature about some protocol but weren't sure what "normal" traffic on that port looks like? Normally we'd then go somewhere to find that protocol in use, get pcaps, wait, grab the wrong stream, try again, finally get a sample pcap. Well, now you can just go there, search for stuff, downlaod and go. If you have a pcap that was useful to you you can add it to the archive. From the Emerging Threats persepctive, we're going to try hard to put pcaps of exploits up on openpacket.org and use those as references from documentation about rules. That'll help us go back in time and figure out what the heck we were thinkign when we wrote a rule. Anyway, congratulations to Richard and the guys at Openpacket. They've been working hard to get this online. Here's a reference to the announcement: http://taosecurity.blogspot.com/2008/04/openpacketorg-10-is-live.html And the site itself is http://www.openpacket.org
|
