IP Reputation and Distributed Blocking Working Group

This group has the responsibility of making implementation recommendations for the IP Reputation and distributed blocking functionality of the OISF IDS Engine. The primary questions to make recommendations about are:

  • What scoring system and scale to use (e.g. -100 to +100, 0 to 10, etc.)
  • What categories to rate for? (e.g. spammer, Bot CnC, open proxy, scanner, brute forcer, Public Service (Google), etc.)
  • How to handle whitelisting.
  • How to integrate distributed blocking into this single feed.
  • How to make this feature both group/open reputation and commercial reputation fed.

Matt Jonkman (jonkman@jonkmans.com) leads this group for the time being. This group's recommendations are due on August 12th, 2009. They should be posted here and to the OISF Discussion Mailing lists.

This group's mailing list for discussion is available here: http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-wg-ipreputation

-- MattJonkman - 28 Jul 2009

Topic revision: r1 - 2009-07-28 - MattJonkman
 
Copyright © Emerging Threats